Nipping the inside threat in the bud

COMMENT ON THIS ARTICLE

No CIO wants to believe that the greatest threat to their firm’s corporate security might be on their very own payroll. Given some recently startling examples of the developing “insider risk” trend, however, the prospect is one that most IT leaders are being forced to contemplate.

Witness the details of a case involving Gary Min, a scientist at DuPont, a decade of experience under his belt working for the U.S.-based chemical giant. Released last month by the U.S. attorney’s office, they show that Min pleaded guilty to stealing proprietary data from a DuPont electronic library and taking the information with him to a new job with rival Victrex PLC out of England. Min now faces a maximum of 10 years in the slammer and a fine of US$250,000.

Although it was later discovered that Min’s downloading activity was 15 times greater than that of the next-heaviest user during the period in question, this bloating of the network pipes went undetected. Could Min’s machinations been nipped in the bud had a more rigorous network monitoring policy been in place?

Undoubtedly, yes.

The situation around inside threats and protecting against them is akin to the changing of smoke detector batteries within the home twice a year: It’s easy to put the task off and comfort oneself with the misleading thought that, “It won’t happen to me.”

Odds are it won’t, and the odds also are that one’s employees are good people with no desire to illegally profit from the stealing of the company’s data stores. But you never know for sure, unless the battery is changed or the networks monitored effectively.

Typically, in the pre-Internet age, knowledge of company secrets within most firms was tightly guarded amongst a select group of senior management members. Being at the top of the corporate heap, most had no interest in applying what they knew to any nefarious, profit-driven purposes.

The situation is drastically different today. In the era of business intelligence in which we live, sensitive corporate info is at the fingertips of a much larger percentage of an outfit’s charges than ever before. The risk of a DuPont-style catastrophe has skyrocketed — and the need for effective monitoring policies has grown right along with it.

Hiring someone to mange the monitoring process should be on the radar screens of today’s CIOs. The cost of that salary is more than worth avoiding the cost of data loss and the embarrassing PR that accompanies it. Just ask DuPont.

QuickLink 076353

COMMENT ON THIS ARTICLE

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now