It's the topic everybody is talking about this week: WikiLeaks. For those of us who are news junkies, it has been a fascinating, if not disturbing and worrisome, story to follow. For those who are involved in enterprise security, it should be causing some concern. The information that has been published on WikiLeaks shows one of the biggest security flaws in any organization: the disgruntled employee.
A NetworkWorld article pointed out that while it is the angry employee "going postal" on the company with violence that grabs the headlines, there are thousands of other employees who are unhappy or have an ax to grind against their employers and want to do something to sabotage the business. There are too many gaps in the way secure data is handled and too many points of access for unauthorized users. Quoting Doug Powell, manager of smart grid security at BC Hydro in Vancouver, the article stated:
While it is important to have properly defined roles, privileges and access levels, secondary protocols are needed to control the way data is manipulated in a trusted environment. Equally important is the need for controls to monitor even the most trusted of personnel, Powell said. Being 'trusted' should not imply less scrutiny, it should imply greater scrutiny given that greater trust assigned to an individual allows for a greater potential for loss.
The WikiLeaks story comes on the heels of a survey published by Solera that found most companies aren't prepared with an effective response to security events. According to Solera Networks VP of marketing and product management, Pete Schlampp:
Recent posting of confidential diplomatic cables on WikiLeaks further supports the fact that organizations are ill-prepared to protect valuable and sensitive data. As reported in a recent Solera Networks survey on network forensics, a vast majority of organizations, government or enterprise, are not adequately prepared to determine the source and scope of hacks, cyber attacks or information leaks. They cannot produce clear digital evidence of a network security event. The survey found that 96 percent of those surveyed recognize the importance of real-time situational awareness, yet only about 19 percent say they have any capability to determine the extent of a breach or leak. In-depth interviews from the survey further indicate that only a fraction of the supposed prepared group can gather enough information from an attack to prevent it again in the future.