This latest data security breach at Citi epitomises the many ways in which data can go astray. In a recently publicised case, data was stolen from Citi by external hackers. The culprits in this most recent Citi data loss are believed to be “insiders” who
had privileged access to the bank’s systems. If any lesson is to be learnt from this incident, it is the need to have absolutely all bases covered; not just those that seem most at risk. In this context there remains a significant risk from inside the perimeter,
as this recent infringement clearly demonstrates, and the insider threat often combines with the external threat through collusion. Whilst most organisations have invested heavily in securing their systems from “external” threats, there has been proportionately
less investment in monitoring insiders through user activity auditing and control systems.
This scenario also underlines the importance of user education and getting ‘insiders’ – whether they be employees, subcontractors or third party vendors – to treat company data with the upmost respect and to make it clear to users that controls are in place
to identify the source of any data leakage. This is a critical element in any data loss prevention strategy. At the end of the day, no matter what systems and processes a company may implement, if an ‘insider’ wants to steal data, there is a residual risk
that they will find a way of doing so. However, they will be disinclined to attempt data theft if they know that they are likely to be found out; either before the event (through automatic generation of alerts) or after the event (through forensic examination
of user activity logs).
More generally, and in light of the many diverse threats, organisations need to ensure that they are constantly reviewing their policies, defences and controls. They need to perform regular risk assessments to identify where there is potential for data leakage
from insiders and where additional protection therefore needs to be put in place. Crucially, this can enable firms to get to ‘know their insider’ and the risks they represent.