Outside hacking attacks grab headlines. Data breach concerns cause sleepless nights within the C-suite of many organizations. And ransomware strikes fear into companies without sound backup practices and true Information Governance programs. But a different (and sometimes more sinister) problem often goes undetected within the four walls of those same organizations’ firewalls and barriers to entry. It’s not radon. It’s the issue of data compromise or “leakage,” perpetrated by employees, to the tune of billions of dollars every year.
In Technological and Information Governance Approaches to Data Loss and Leakage Mitigation, a recent article published in Computer Science and Information Technology as part of the proceedings for the 12th International Conference on Cyber Warfare and Security (ICCWS 2017), the authors addressed this issue. In particular, the article examined the insider (and sometimes existential) threat employees pose when those employees simply access and utilize systems they need in order to do their jobs. Sadly, much like customer service jobs that would be perfect but for the customers, employees present a “conundrum where [those] employees are both the potential creators as well as the potential solution(s) to an insider threat.” That is, when an employee single-mindedly pursues a business task or objective, he or she may employ a data transfer mechanism that operates as a “bit player, used only for a one-off data transfer or movement according to a fleeting purpose,” that also subverts the organization’s data protection strategy in ways not contemplated by IT professionals, who are geared up to fight a battle against foreign agents and outside threat vectors. Continue Reading