“Et tu, Brute?” meaning “Even you, Brutus?” is a Latin phrase often used poetically to represent the last words of Roman Dictator Julius Caesar to his friend Marcus Brutus who betrayed him at the moment of his assassination.
Last week within the span of a day, I heard from 3 companies who got breached. The common thread is that all of the breaches were inside jobs. When I say inside jobs, I mean one of their own trusted employees created the data breach.
With one of these companies, an employee was terminated for sleeping on the job but later it was discovered that he had installed several back doors (a method to work around conventional authentication mechanisms). He had full access to intellectual property and the ability to manipulate and control the IT systems. Luckily, the company had developed an effective incident response readiness program and was able to limit the impact of the former employee turned rogue. We hear a lot about China hacking the U.S., but the inside threat is still real.
A shockingly more recent study showed that over half of fired employees steal company data! The problem is not always disgruntled employees. In further research, they found that 62 percent of employees think it is acceptable to transfer corporate data outside the company on personal devices and cloud services. The majority of this externally transferred data never gets deleted, leaving it vulnerable to data leaks. While the external threats have increased dramatically in the last decade, let’s not forget the folks with easy access right under our noses, the frenemy within.
Does your company have an employee policy regarding intellectual property?