The Wikileaks saga of the last few days, which climaxed with the release of the first batch of more than 250,000 secret and confidential diplomatic cables sent by US embassies around the world published last night, are a classic example of what can happen when the evolving insider security threat is ignored says Imperva.
The saga – which took a curious twist on Sunday when Wikileaks’ servers came under a distributed denial of service attack – shows that organisations of all sizes seem to be preoccupied with defending against external attacks on their digital data assets, and are ignoring the internal security threat issue.
Yes, there are hackers out there, but IT history has shown that the rogue employee is also a threat. The banking community is now starting to take action to protect its assets, but organisations have a long way to go before they can truly tackle the very real risks that insider threats pose to their reputation and integrity.
According to the Guardian, Bradley Manning, 22 – a soldier (an intelligence analyst), has admitted to stealing the information and in fact stated how easy it was to gain access to the files.
It was childishly easy, according to the published chatlog of a conversation that Manning had with a fellow-hacker. “I would come in with music on a CD-RW labelled with something like ‘Lady Gaga’ … erase the music … then write a compressed split file. No one suspected a thing … [I] listened and lip-synched to Lady Gaga’s Telephone while exfiltrating possibly the largest data spillage in American history.” He said that he “had unprecedented access to classified networks 14 hours a day 7 days a week for 8+ months”.
The source of the leak is believed to be the same individual responsible for the 75,000 document leak earlier this year – identified as a low ranking soldier who abused legitimate access to the information. This is the second time this has happened without any measures put into place to stop this happening. This illustrates the potential damage that insiders can cause in an organization
And as with most incidents of this type, the most noticeable sign of problems should have been the easily observable intensive access to multiple documents by an authorised user. However, it is very difficult for organizations today to control access to files at an individual level.
The rate with which sensitive information is generated in the form of files is ever growing, collaborative behavior is widely encouraged by management and employee turnover rates are high. Thus, while organizations must control and monitor individual access to specific files based on their contents, they must monitor employee behavior with respect to files in general.
Any user retrieving large numbers of documents a day should raise an alert on a good business IT security system. This presumes, of course, that the organisation is not pre-occupied with conventional security and has ignored the abuse of data access privileges.
This embarrassing fiasco – which is certain to drag on for some time – shows that the internal threat is not necessarily about unauthorised access to data, but rather the abuse of legitimate access. Organisations need to wake up to the complexities of internal threats, rather than simply relying on conventional IT security systems.