Insider Threat Surfaces Again

$65 billion private investment firm TPG Global LLC believes it’s been hit with threats from its former insider and spokesman. From Bloomberg:

(Bloomberg) — TPG Global LLC sued the former White House press aide it hired as a spokesman, alleging he threatened to “take down” the company after learning he wouldn’t be promoted and stole confidential documents that he doctored and sent to The New York Times.

Adam Levine, a deputy press secretary for President George W. Bush who joined the buyout company in 2008, called himself a “weapon of mass destruction” who could inflict harm by disclosing sensitive information and planting damaging stories about TPG, the company said in a revised complaint filed Wednesday in federal court in Fort Worth, Texas.

According to an e-mail Bloomberg cited as being from TPG, Levine was terminated for “egregiously improper and illegal behavior, which included among other things, stealing confidential and proprietary TPG internal information, data and equipment.”

Perhaps we’ll learn through the courts what happened at TPG and if the allegations are accurate or not. But one thing that is known is that while your employees and other insiders may not be the ones conducting the most attacks, they do pose a significant risk.

Data encryption software maker Vormetric recently commissioned a survey completed by Harris Poll and analyst firm Ovum. The survey included 818 IT decision makers from various nations, with just less than half from the U.S.

Interestingly, the press release highlighting the survey ignores most of the history of insider threats, and IT security for that matter, and partially concludes that the ineffectiveness of endpoint and perimeter security technologies is increasing the risk of the insider:

In the past few years, rapid growth in the volume of sensitive information combined with new technologies has chipped away at the effectiveness of traditional endpoint protections and network perimeter security. In tandem come warranted concerns about the number and types of employees who have access to sensitive data. While Edward Snowden may be viewed as the “insider threat” poster child, not all employees have malicious intentions. Simply by having access, privileged insiders may unwittingly put data at risk – or be used by an outside actor as a conduit for siphoning data.

No doubt that more users with more access to more data increase the risk. The threat from the insider has always been real and has been relatively steady over the years. While there are fewer attacks emanating form the inside, those with insider access and malicious intent have always been positioned to do considerable harm.

Additionally, from the Insider Threat Report survey:

  • 93% of U.S. respondents say their organizations were somewhat or more vulnerable to insider threats
  • 59% of U.S. respondents believe privileged users pose the most threat to their organizations
  • Preventing a data breach is the highest or second highest priority for IT security spending for 54% of respondents’ organizations
  • 46% of U.S. respondents believe cloud environments are at the greatest risk for loss of sensitive data in their organizations, yet 47% believe databases have the greatest amount of sensitive data at risk
  • 44% of U.S. respondents say their organizations experienced a data breach or failed a compliance audit in the last year
  • 34% of U.S. respondents say their organizations are protecting sensitive data because of a breach at a partner or a competitor

Protecting oneself against the insider threat is one of the most challenging things enterprises can attempt to do. We’d be very interested in hearing how your organization goes about protecting itself from the potential threat of an insider gone wrong.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: