I Spy: A Clear and Present Inside Danger

Written by

When most people think of spies, their minds will likely wander to the 007 franchise. The world of the spy seems glamorous, exciting and in reality, very far removed from our everyday lives.

At the same time, if you’re working in a corporate environment, you will have no doubt at some point heard the term ‘corporate espionage’. But if movies are to be believed, this only happens in really big ‘high-stakes’ organizations, at the very top amongst men and women in very expensive business suits, right? Wrong.

Today, satisfied or disgruntled employee, your colleague, or even your boss can pilfer data. Individuals can easily syphon off sensitive corporate information and pass it to unauthorized third-parties. Systems can also be infiltrated by those that wish to do your business harm or gain a competitive advantage from your data.

Don’t believe me? You only need to conduct a quick Google search and you will uncover a variety of high-profile Silicon Valley cases involving corporate espionage to this very definition. The practice of this kind of data exfiltration is rife, even far beyond Santa Clara, and has the scope to turn sour (and into a legal matter) very quickly… Not to mention, it can actually cost an organization valuable business, erode trust and in extreme cases create irreparable brand damage.

The question is, how do you protect yourself, and your company’s most precious asset, its data, against the invisible enemy of an insider threat? You can’t lock down the enterprise, and you likely don’t have the resources to monitor every individual’s activities on a daily basis.

Two steps to build counter intelligence

Step one is multifaceted. It starts with implementing a corporate information security program which keeps the protection of sensitive data at the forefront. You have to start by defining what information needs to be protected most, and where does this data reside. Is it in the data center or on the endpoint devices of your employees? It’s likely a bit of a 50/50 split.

You also have to work out an education program for your employees — making them aware of effective data protection practices, and reminding them of what to look for in the form of both malicious and unintended threats.

Most importantly though, a good information security program hinges on choosing the most effective technologies delivering meaningful and actionable results. Whether your business chooses to store data in the cloud with a third-party provider, on-premise, and/or on endpoint devices, you must ensure that it is encrypted end-to-end, with the encryption keys controlled by the enterprise itself. This way, if data does somehow make its way out of the enterprise, it will not be in a legible form.

Step two involves an appropriate amount of monitoring focused on data movement triggered by employees or compromised systems. Now, you may be thinking no one has time to monitor the behavior of every employee and every system, but there are best-in-class tools perform this function. The right technology investments and overall tool portfolio will be able to flag abnormal data usage, download or access patterns and alert the security team accordingly. These teams often work with the relevant lines of business managers and other stakeholders.

I’d like to believe there may be a legitimate reason why Tim in HR is downloading all the information of our execs, but his boss Helen might disagree as she knows he’s leaving in two weeks. The thing is, without having a tool in place that can monitor and flag these issues for you to investigate, you may be putting your business at risk.

Be ready to recover, quickly

The other side of the story is of course, that no matter how prepared you are — the insider threat will strike at some point. Whether it’s an honest mistake by an employee accidently clicking on a dubious link or genuine corporate espionage; the probability is high that at some point your organization will lose control or access to some of its data. It is at this point that your ‘Corporate Resiliency’ plan needs to be capable of real-time recovery of this critical information.

Organizations also need to have a tried and tested incident response plan in place. A key part of this should include deploying automatic, continuous endpoint backup with real-time recovery on every machine in your organization. Best in class real-time recovery systems allow impacted users to restore affected devices independently with zero IT support.

This is also a system that should, as mentioned previously, be able to alert appropriate personnel to unusual data changes and flow within the organization — potentially helping to avert a crisis.

Recovery is also about agility. An organization should be able to quickly and efficiently analyze what happened and present a plan of action moving forward — all whilst providing solid reassurances to all stakeholders on future data security practices.

What’s hot on Infosecurity Magazine?