How Bob became an insider threat at his company…

… and what could have been done to prevent it.

It was about 12:30 in the afternoon when Bob got the call from Barry, the marketing person in charge of competitive intelligence at his company. Barry’s tone was serious. “Bob, we just managed to get one of Xyz’s internal papers with a competitive analysis of our products. They mentioned a fault with our product, and sourced your website. Do you know what’s going on?” Bob didn’t, and asked Barry to send him a copy of the document.

What Bob saw turned him white. He was guilty, knew exactly what happened, and why it happened. Xyz had a footnote in their document which sourced his personal website as follows:
http://www.mywebsite.com/c:\users\me\documents\thenastyfile.pdf

At the time, Bob’s company had no backup policy. He used Webdrive, a program that maps FTP sites as drives, to back up his files to a local server for archiving. He also used Webdrive to work on his personal website. Bob was multi-tasking, and instead of backing up his files, he posted them to his website.

Bob was sick. Visions of losing his job were at the front of his mind. Bob called his boss, confessed, and was in turn told to call the Chief Security Officer.

The CSO asked Bob to get the logs from his personal website. What the CSO found, in addition to the document described above, was that a document called “customers.csv” was accessed. Fortunately, it was just a list of prospects that Bob had gathered, and not his true customer list. Still, Bob’s competitor now had an idea of what accounts he was going after.
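The kind of log review described above, as an added example that is not part of the original post: it scans web access log lines for successful requests whose path looks like a Windows local path (as in the footnoted URL) and groups the exposed files by the client address that fetched them. The combined log format, the sample lines, the addresses and the function name are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample lines in Apache/nginx "combined" format (not real logs).
SAMPLE_LOG = r'''
203.0.113.7 - - [12/Mar/2016:10:01:22 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Mar/2016:10:04:51 +0000] "GET /c:%5Cusers%5Cme%5Cdocuments%5Cthenastyfile.pdf HTTP/1.1" 200 48211 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Mar/2016:10:05:10 +0000] "GET /c:%5Cusers%5Cme%5Cdocuments%5Ccustomers.csv HTTP/1.1" 200 9932 "-" "Mozilla/5.0"
192.0.2.44 - - [12/Mar/2016:11:30:02 +0000] "GET /c:%5Cusers%5Cme%5Cdocuments%5Cbudget.xlsx HTTP/1.1" 404 312 "-" "curl/7.47"
'''

# client, timestamp, method, request path, status, bytes sent
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\S+)')
# A URL path that starts with a drive letter, e.g. /c:\users\... or /C:/Users/...
DRIVE_PATH_RE = re.compile(r'^/[A-Za-z]:[\\/]')


def exposed_local_files(log_text):
    """Return {client_ip: [(timestamp, decoded_path, bytes_sent), ...]} for
    successful (2xx) requests whose path looks like a Windows local path."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # blank or unparseable line
        ip, ts, _method, raw_path, status, size = m.groups()
        # Drop any query string, then decode %5C back to a backslash.
        path = unquote(raw_path.split("?", 1)[0])
        if DRIVE_PATH_RE.match(path) and status.startswith("2"):
            hits[ip].append((ts, path, int(size) if size.isdigit() else 0))
    return dict(hits)


if __name__ == "__main__":
    for ip, files in exposed_local_files(SAMPLE_LOG).items():
        print(ip)
        for ts, path, size in files:
            print(f"  {ts}  {path}  ({size} bytes)")
```

Only 2xx responses are counted because those are the requests where file content was actually served; the 404 line shows a request for a file that was never delivered.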

Bob didn’t lose his job, but learned a big lesson a very hard way. Do not handle sensitive corporate data in an insensitive way. As stated above, Bob was multi-tasking, trying to quickly get a backup in while watching a webinar. He should have been more precise and focused when performing a backup.

Bob admitted his mistake, but there are ways that his company could have prevented this mistake.

  • There was no security education program at the time for end users.
  • The company did not do its own backups on laptops, so Bob had to do his own.
  • Data Loss Prevention could have been used to mark the files as sensitive, and warned or prevented Bob from sending them.
  • FTP use could have been restricted.
  • User behavior analytical tools could have been deployed to identify the change in his activity.

(BTW, some of the same tools could have been used to catch Edward Snowden)

I work at Forcepoint, a leader in user behavior analytical tools, data loss prevention, and web and email security. The tools we have help prevent this type of threat.

Have you thought about similar situations at your company? Are you vulnerable as well? If you think so, let’s talk. 1-410-470-3490 or send an email to pmisner@forcepoint.com

 
