As evidenced by the Wikileaks lead story in today’s news, it is very easy for data that is of the most secure nature to make it to the public domain. Though your business may not have the same impact as the State Department or the Department of Defense, your business could suffer or die if critical data leaves your office.
At the heart of the WikiLeaks story is a 22 year old soldier, Bradley Manning, who claimed:
It was childishly easy, according to the published chatlog of a conversation Manning had with a fellow-hacker. “I would come in with music on a CD-RW labelled with something like ‘Lady Gaga’ … erase the music … then write a compressed split file. No one suspected a thing … [I] listened and lip-synched to Lady Gaga’s Telephone while exfiltrating possibly the largest data spillage in American history.” He said that he “had unprecedented access to classified networks 14 hours a day 7 days a week for 8+ months”.
Manning told his correspondent Adrian Lamo, who subsequently denounced him to the authorities: “Hillary Clinton and several thousand diplomats around the world are going to have a heart attack when they wake up one morning and find an entire repository of classified foreign policy is available, in searchable format, to the public … Everywhere there’s a US post, there’s a diplomatic scandal that will be revealed. Worldwide anarchy in CSV format … It’s beautiful, and horrifying.”
He added: “Information should be free. It belongs in the public domain.”
Your company or department’s data can only be secured so much. As with most network attacks or hacks, this attack was from an internal resource who had authorized access to this information. Data loss prevention is the new trend in technology security. Locking outside intruders is no longer enough to protect your valuable data, you need robust systems to control access and dissemination of protected and private company information.
Disgruntled employees, corporate espionage, and others could take the one thing that makes your company unique. Whether it’s a process, patent, or client list, access to this data is what makes your company viable. Take appropriate means to ensure its integrity.
To read more on DLP:
To read more about the wikileaks case: