Extrusion: The story of 'trusted' digital insider theft
Computerworld - "The risk of cyber attacks continues to be high. Even organizations that have deployed a wide range of security technologies fall victim to significant losses. ... The percentage of incidents that are reported to law enforcement agencies remains low ... Attackers may reasonably infer that the odds against their being caught and prosecuted remain strongly in their favor." -- Computer Security Institute/FBI 2003 Computer Crime and Security Survey
In the hit parade of security technology buzzwords, antivirus and intrusion-detection systems are in the top five. After all, there are a lot of bad guys out there writing worms and trying to break in.
Stop for a second and ask yourself a question.
Is intrusion your key threat just because that's what the IT vendors are selling?
You know the joke about the cement factory in Poland. Every day, a worker leaves the factory at closing time with a wheelbarrow of sand. After a month of this, the guard finally says to the worker, "I know you're stealing something; I just can't figure out what the heck it is." The worker replies, "I'm stealing wheelbarrows." That's extrusion: unauthorized transfer of your assets in broad daylight.
The sources of insider theft
Let's examine the sources of digital asset extrusion: trusted insiders, human error and criminals. Trusted insiders are your employees, your suppliers and your customers. Employees may be the software development group that was axed or the sales representative who skims credit card transactions. Suppliers may be the courier who flirts with the receptionist or the night security guard who copies sensitive documents.
Outsourcing contractors are also threats. In the quest for operational efficiency, our industry outsources IT functions, but oddly, some banks and insurance companies outsource their information security functions even though their business is the most information-intensive industry on the planet.
What about human error? One extra click in Outlook, and a casual friend is on the distribution list together with the board members in the middle of due diligence.
Customers may not be direct threats, but many business-to-consumer Web sites are vulnerable to credit card theft by organized crime. Tens of thousands of stolen credit card numbers are offered for sale each week on the Web. This black market e-business, where credit card prices fluctuate with supply and demand, costs the financial system more than $1 billion a year and shows how easily personal information is being stolen and traded.
People do it because of anger and greed. Emotions are a powerful motivator, and anger at being terminated will
Security

- Backup and Disaster Recovery eGuide
- As the digital universe grows beyond imagination, enterprise IT executives face the daunting task of keeping their little pieces of it backed up...
- Forrester Research: Know your Facts: Understanding The Realities Of Desktop And Application virtualization
- Read Now.
- Windows 7 Migration Made Easier with Desktop Virtualization
- Read Now.
- Virtualization 2.0: The Desktop Revolution
- Read Now.
- Securing Data in the Cloud
- This document is intended to give a broad overview of our security policies, processes and practices. All Security White Papers
- Desktop virtualization keys innovation drive
- View now.
- Survival Guide: Overcoming the Obstacles to Effective Risk Management
- This virtual meeting for IT managers and CIOs is based on a new IBM study. Senior Vice Presidents and a Chief Technology Officer...
- The Evolution of Managed File Transfer
- Managed file transfer has evolved greatly from its earliest meaning of scheduled FTP to today's meaning of complete file governance, including visibility, enforcement,...
- How to cut software management costs and avoid over-spending in the future
- View now!
- Get a $20 Amazon Gift Card - Just watch a Demo
- View now! All Security Webcasts