It was recently confirmed that an insider at Morgan Stanley exposed the account information of hundreds of their most wealthy clients, only to be discovered after posting the information online in an attempt to sell the information.
With the potential devastation and losses these kinds of attacks can have on any business, Joe Caruso, the founder and CEO/CTO of Global Digital Forensics (GDF), a premier national provider of cyber security solutions headquartered in New York City, reviews insider threats and what organizations can do to protect their sensitive and vital digital assets.
Shakespeare may have immortalised the sentiment, but it’s a reality many organizations face every day; being betrayed by one once trusted, is the unkindest cut of all.
Morgan Stanley, a financial services corporation that has been serving companies, governments and investors from around the world since 1935, announced on Monday, January 5th, that it recently got a small taste of that particular pain.
According to a report published by CNN Money on the same day, an insider at Morgan Stanley exposed the personal details of hundreds of its richest wealth management clients, including names and account numbers, by posting them online, which they claim they found and took down on December 27th, before any of the 900 clients suffered any kind of economic loss due to the event.
It could have been much worse though. According to the report, logs indicated the insider had accessed records on 350,000 clients, a portfolio that last year made up assets worth more than a whopping $2 trillion. Had the perpetrator been more successful, the full magnitude of the cut would certainly have been agonizing, if not fatal.
Joe Caruso, the founder and CEO/CTO of Global Digital Forensics (GDF), a premier national provider of cyber security solutions headquartered in New York City, says, “If they have totally contained the problem and got everything pulled down before any damage was caused, they really dodged a bullet. They can be very thankful they have the resources and personnel to be able to relentlessly scour the dark corners of the Web to uncover sensitive data that got carried out of the castle by one of their own. The vast majority of businesses don’t have that luxury, but every one of them is facing the possibility of an insider going rogue every single day.”
Assessing the threats from within
“The first step to controlling the insider threat problem is knowing what you’re up against,” says Caruso. “Our cyber vulnerability assessments take into account who has access to what kinds of data internally for just that reason. Just because someone is hired by a company, doesn’t mean they should have carte blanche to everything. Access should always be restricted to only those with a direct need to access certain kinds of data. By working closely with the organization’s IT staff to get a better understanding of the data flow, how it’s used and who has and/or needs access, we can help identify trouble spots and offer ways to help solve them. We also offer electronic exit interviews which can help reveal what an employee on their way out may have accessed, downloaded or copied before leaving the company, helping to ensure that important data stays in-house instead of finding its way into the hands of a competitor or is used to cause trouble by a disgruntled ex-employee.”
The malicious insider – Scene 1
“From the ever present eye-in-the-sky in Vegas casinos, to the counter at a 7-Eleven, video surveillance has become a front line tool for not only protecting organizations from outsiders doing bad things, but also serving as a formidable deterrent against insiders behaving badly as well. So why not put that double edged sword to work protecting your network as well?” says Caruso.
“To that end, we’ve developed the C-All User Activity Monitor/Recorder, which records screen captures and keystrokes from any and all systems with the C-All client installed. C-All makes it easy to spot, understand and be able to prove exactly what kind of insider abuse or misuse may be occurring now, or has in the past. It also captures remote desktop sessions in full video and allows the playback of the sessions by user, or by session. Once installed, C-All begins capturing activity and archiving it on a secure server on the network with a compression scheme that doesn’t hog precious drive space and resources at all, capturing all sessions and storing them for easy playback. C-All also allows for real-time monitoring. From deciphering inexplicable declines in productivity, to arming legal staff or other company personnel with concrete, indisputable evidence of any illicit or destructive activity, our C-All User Activity Monitor/Recorder is the tool that shifts the balance of power back where it belongs, in the hands of trusted IT security staff, administrators, executives and business owners. So no more mysteries that can’t be solved or proven, and no more feeling out of control. C-All is easy to use and very customizable, so you can set triggers to alert IT security when certain files are being accessed, when certain sites are visited, or even when certain keywords are typed in, and those alerts can even be sent via email to get the right people on the problem right away. Yes, insider threats can be devastating, but there are certainly things that can be done to drastically reduce the chances of becoming the next headline-making victim of a rogue insider.”