|Disgruntled employees – are you sure you have none?
Many businesses ignored the lessons WikiLeaks could teach, because they don’t trade in secret documents about diplomacy and wars, and missed the point. A survey of 200 IT and security professionals conducted by Ipswich FT at the 2011 RSA conference supports this: 40 % of respondents said their companies had dismissed the security implications. ‘Out of WikiLeaks we saw people blaming the devices instead of taking control of their data,’ Hugh Garber from Ipswich FT told Dark Reading: ‘Blaming a data breach on a portable device is like blaming a bank robbery on white vans.’
WikiLeaks’ 2010 publication of highly sensitive, unofficial diplomatic documents made many governments and organizations nervous. They grew more edgy when the New York Times reported that WikiLeaks was about to release sensitive Bank of America documents. While the media focused on the juicy details, the mechanism of the leak was the real surprise: it was the work of one disaffected employee. Could your organization be harbouring someone prepared to spill sensitive information - from emails critical of your clients or staff to valuable operational data and IP?
Post-WikiLeaks, that’s the question your and every business must ask, and review your data security in that context. There’s not much to stop anyone forwarding electronic documents to a journalist or a private e-mail account or stealing for financial gain: a trusted insider recently stole $10 million from Bank of America.WikiLeaks just reminds us how easy it is. Your organization may not be as large a target as the US Government or the Bank of America, but that doesn’t mean you’re not exposed.
It’s an Open World
In the paper and photocopier era, amassing and releasing almost 400,000 documents would have been just about impossible. Not any more: in the Internet era, it’s very easy. As security commentator Bruce Schneier observes: ‘Just as the music and movie industries are going to have to change their business models for the Internet era, governments are going to have to change their secrecy models.’
It’s not just big governments and US corporations that are targets. New Zealand is a pretty small target among western countries yet, in late 2010, information leaked to WikiLeaks revealed how Helen Clark’s government was pressured into sending troop’s to Iraq for fear that the NZ Company, Fonterra, would miss out on lucrative Oil for Food contracts.