Interesting to watch the increasing trend in the security industry of thinking more about insider threats. Is this because companies are feeling more on top of the external hackers and viruses, or a growing awareness of the need to control outbound information
flow as well as inbound?
Certainly there have been more press articles on this topic of late, be it the news a while back that Lloyds TSB had got itself some pattern recognition software to spot employee fraud, or the article at ZDNet which very sensibly includes "forgetting that
data traffic is two-way" as one of its four deadly security sins.
Of course if an employee is really determined to get information out they can write it on a piece of paper and walk out the door, but it's important to do what you can to control outbound data flow. And accidental breaches of confidential information can
be costly...
Such news articles are quickly forgotten, although the more juicy ones where an accidental information leak involves public figure humiliation or multi million dollar loss can give pub / dinner party cred to the teller. Perhaps for this reason alone we
are keeping a few of the most famous - and entertaining! - stories close to hand at all times as our personal reminder not to overlook the threat from the inside....