- Recently a data breach struck the British television watchdog Ofcom, in which a whole slew of information was stolen. A former employee left the company with data about a number of broadcasting companies, including details about their budgets, revenue and television line-ups, as well as a variety of other useful information. In all, over 6 years’ worth of data was stolen. Ofcom’s former employee, after finding a temporary job at a broadcasting company, offered his new employers, UKTV, access to the data.
- Luckily, UKTV followed the rules of the game. Recognizing this as a breach of the Communications Act, the company in question refused the data and alerted Ofcom of the breach, ultimately saving an enormous headache for Ofcom and the broadcaster’s whose data they collected. However, as far as pernicious data transfers are concerned, this is likely the exception and not the rule.
- The questions facing businesses are, “How did this employee manage to steal such commercially sensitive information without getting stopped?” and, more generally, “How can companies protect themselves from the growing danger of internal threats?”
“How can companies protect themselves from the growing danger of internal threats?”
Internal threats can be difficult for companies to deal with, because they change the paradigm of cybersecurity: solutions built to protect information from out-of-network threats become useless. Insider attacks are acts of mutiny, rather than typical acts of war. It might be helpful to analogize your business to a Shakespearean castle. While the enemies at the gate might be obvious, there are equal dangers lurking within that can be harder to detect. In the case of Ofcom, it is not clear whether or not the employee should have had access to the data he tried to give away. But, even if he did, companies can still take action to protect themselves.
InCyber Comments:
The InCyber PAS Pro-Active and Predicting System has been proven 100% effective against Insider Threats. For additional information write to: info@incyber.co We are now offering a Free Insider Penetration Test for up to 500 Employees using your own historical data.