Insider Threat to Information

A key executive leaves a financial services firm, purportedly to work in another industry. Any company would be disappointed to lose a senior executive, but in this instance his departure was followed by a spate of exits from his team. The CEO then learned from customers that the executive had joined a competitor, and that the competitor was using certain confidential key numbers in its planning reports and presentations to customers. The CEO also found that the executive had taken several hundred confidential electronic files with him to the other company.

The CEO was concerned that, in spite of the hardening of computers and laptops, the executive was still able to remove information from the company. The CEO took his IT people to task, but the information was already lost and the damage done. This scenario plays out quite frequently in our workplaces: employees on their way out start taking information even before the notice period starts. In fact, employees start chalking out information extraction strategies around the time they start looking for other opportunities. Information thefts due to insiders' actions are perhaps the biggest causes of information security breaches. In this particular situation, a forensic investigation later found that the executive took out information by the following means:

1. Emails to his own personal external accounts.
2. In the fortnight before his last date, IT loaded new software on his laptop. During the installation the IT department had to suspend the endpoint controls on the laptop for a day, but the executive kept the laptop during this time. He exploited this by downloading information to a USB drive.
3. He also exploited a weakness in his smartphone, where he was able to download email attachments onto external cards.

The investigation revealed that the executive had been preparing for his move for quite some time, and that this activity intensified during his 3-month notice period. So what can a company do to help identify such a malicious insider and prevent such information theft?

1. It is very important to do a risk assessment from the perspective of vulnerabilities. Risk managers would do well to think through specific scenarios that challenge the IT department's controls.
2. Look for red flags:
   a. Employees using personal rapport with IT to seek out vulnerabilities and loopholes to get around controls
   b. Employees who have a grudge against the company or are constantly talking about changing jobs
   c. Increased rule-breaking or misbehavior
   d. Physical altercations
   e. Breaking dress code
   f. Suspicious behavior
   g. Signs of extreme stress
3. Educate employees, including IT and the IT helpdesk, about the human aspects of information security.
4. Annual renewals of non-disclosure agreements and employee education are key to protecting your company from the malicious insider and creating a culture of security.
5. Institute very specific controls during the notice period so that the employee does not get any opportunity to take information out. These controls should kick in when the employee resigns. In fact, managers should begin controlling access even if they suspect an employee is looking for other opportunities.
6. Run vulnerability assessments, penetration tests and network scans on a quarterly basis to identify internal and external weaknesses. Security configurations should be compared with the baseline every 15 days.
7. Put content-based controls on email.
8. Monitor for:
   a. Increased or unusual patterns in network/workplace access
   b. Log reports of attempted unauthorized access
   c. Large data transfers during non-business hours
   d. Frequent emails to outsiders with attachments
   e. Excessive file downloads
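
Three of the monitoring indicators above (large transfers during non-business hours, frequent emails to outsiders with attachments, excessive file downloads) expressed as detection logic. This is an added example, not part of the original article; the event format, the `example.com` company domain, the business hours and all thresholds are assumptions, and the events are constructed sample data.

```python
from collections import defaultdict
from datetime import datetime

# All values below are assumptions for illustration, not from the article.
COMPANY_DOMAIN = "example.com"           # internal mail domain
BUSINESS_HOURS = range(9, 18)            # 09:00-17:59, Monday to Friday
MAX_EXTERNAL_ATTACHMENTS = 3             # per user per day
MAX_DOWNLOADS = 50                       # per user per day
LARGE_TRANSFER_BYTES = 50 * 1024 * 1024  # 50 MiB

# Constructed sample events: (timestamp, user, kind, target, size in bytes)
EVENTS = [
    ("2024-03-04 10:15", "asmith", "email_attachment", "lee@example.com", 40_000),
    ("2024-03-04 11:00", "asmith", "transfer", "fileserver", 80 * 1024 * 1024),
    ("2024-03-04 22:40", "jdoe", "transfer", "usb", 200 * 1024 * 1024),
]
EVENTS += [("2024-03-04 14:%02d" % m, "jdoe", "email_attachment",
            "jd.home@mail.example.net", 900_000) for m in range(4)]
EVENTS += [("2024-03-05 15:%02d" % (i % 60), "jdoe", "download",
            "report_%d.xlsx" % i, 1_000_000) for i in range(60)]


def detect(events):
    """Return {user: sorted indicator names} for the monitored events."""
    ext_mail = defaultdict(int)   # (user, day) -> attachments sent outside
    downloads = defaultdict(int)  # (user, day) -> files downloaded
    findings = defaultdict(set)
    for ts, user, kind, target, size in events:
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M")
        key = (user, when.date())
        off_hours = when.weekday() >= 5 or when.hour not in BUSINESS_HOURS
        if kind == "email_attachment":
            if target.rsplit("@", 1)[-1].lower() != COMPANY_DOMAIN:
                ext_mail[key] += 1
        elif kind == "download":
            downloads[key] += 1
        if size >= LARGE_TRANSFER_BYTES and off_hours:
            findings[user].add("large_transfer_off_hours")
    for (user, _), count in ext_mail.items():
        if count > MAX_EXTERNAL_ATTACHMENTS:
            findings[user].add("frequent_external_attachments")
    for (user, _), count in downloads.items():
        if count > MAX_DOWNLOADS:
            findings[user].add("excessive_downloads")
    return {user: sorted(names) for user, names in findings.items()}


if __name__ == "__main__":
    for user, names in detect(EVENTS).items():
        print(user, names)
```

In the sample data, `asmith` sends one internal attachment and makes one large transfer during business hours, so only `jdoe` is flagged.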
