While a lot of column inches and management consulting advice are available on the technologies that ensure data security, we often forget that one of the biggest gaps in security involves employees simply walking out the door with confidential data. Termed “insider threats,” these types of breaches are becoming a common data security risk in all industries.
Underscoring this issue, NDB, Switzerland's intelligence service, has warned U.S. and British intelligence agencies that it believes that secret information on counter-terrorism shared by foreign governments may have been compromised by a massive data theft by a senior IT technician for the Swiss agency. U.S. and U.K. agencies have been warned that their data may have been compromised.
Image via Shutterstock
Swiss authorities have arrested the technician suspected in the data theft last summer amid signs he was acting suspiciously. He later was released from prison, while a criminal investigation by the office of Switzerland's Federal Attorney General remains ongoing, according to two sources familiar with the case. The technician, who had reportedly worked for NDB for eight years, has not been publicly identified. It’s believed he intended to sell the confidential information he acquired. In fact, profit is one of the most frequently cited reasons for employee data theft.
Swiss investigators have said they believe the technician downloaded terabytes of information; most of it classified material, from the Swiss intelligence service's servers onto portable hard drives. He then carried them out of government buildings in a backpack.
The U.S. Central Intelligence Agency and Britain's Secret Intelligence Service, sometimes called MI6, routinely shared data on counter-terrorism and other issues with the NDB, which is why Swiss authorities informed U.S. and British agencies that the data could have been compromised. Neither the CIA nor MI6 responded to Reuter’s request for comments.
When it comes to preventing insider threats, security firms recommend taking a few precautionary steps, including conducting full background checks on all employees who will have access to confidential information, limiting employees’ access to sensitive data as much as possible, and regularly auditing who has access to what data. It’s also possible in some cases to block employees from being able to download or print sensitive information.
Want to learn more about the latest in communications and technology? Then be sure to attend ITEXPO Miami 2013, Jan 29- Feb. 1 in Miami, Florida. Stay in touch with everything happening at ITEXPO (News - Alert). Follow us on Twitter.
Edited by Brooke Neuman