Monday 25 June 2007

The insider threat

It seems to me that recently there’s been a general trend in the security industry to start thinking more about insider threats. I don’t know if this is because companies are feeling more on top of the external hackers or viruses, or whether it’s just that awareness is growing that everyone needs to control outbound information flow as well as inbound. Regulations like Basel II, Data Privacy and MiFID certainly are helping to focus a few minds.

I’ve seen a few more articles in the press about this topic over the last few weeks, as well as the news that Lloyds TSB has got itself some pattern recognition software to spot employee fraud. This article at ZDNet very sensibly includes “forgetting that data traffic is two-way” as one of its four deadly security sins.

Of course if an employee is really determined to get information out they can write it on a piece of paper and walk out the door, but it’s important to do what you can to control outbound data flow. And accidental breaches of confidential information can be costly! We’ve got a few of the more famous (and entertaining) ones listed on our website here (scroll down for the list when you get there).

No comments: