Earlier this week, Swiss intelligence agency (NBD) warned US and UK counterparts that they might have lost terabytes of top secret data due to insider theft by a disgruntled IT admin. Reminds me of this xkcd:
We emphasize insider threats and the importance of zero trust all the time at Varonis. Yes, it’s extremely important to secure the perimeter walls and use data loss prevention to protect endpoints. But perimeter defense is far more straightforward, if nothing else, than defending against those who appear to be on your team – Kingslayers.
Inside jobs happen over and over again because they’re so hard to stop. According to a Forrester survey in 2010, 43% of data breaches were caused by “trusted” insiders. Just a few months ago, I wrote about the Zynga employee who, upon leaving the company, felt compelled to take 763 documents—including business plans and other IP—along with him.
So what do we do about it? The answer is actually in Varonis’ mission statement: we ensure that only the right users have access to the right data at all times from any device, that all use is monitored, and that abuse is flagged.
Where do you stand in the battle against insider threats?
Are you alerted when statistical deviations in file system and email activity occur?
We jokingly call this our early resignation detection system since, sometimes, when someone is about to resign, they copy everything they’ve ever worked on. But the alerting system in DatAdvantage was primarily designed to detect suspicious and potentially harmful behavior.
Are you alerted any time someone is granted admin-level access?
One of the top use cases for DatAdvantage for Directory Services is to know exactly when someone is granted super-user rights, who granted them, and why. And perhaps even more importantly, we can see what they’re doing with that access.
Do you know when IT administrators can, and do, access business data?
There’s likely no good reason for an IT admin to be rifling through customer records, changing the contents of business data, or deleting files without justification. If you can say for certain that this isn’t even possible, you’ll be able to prevent a situation like NBD’s. Incidentally, one of the core reasons businesses cite for not wanting to move corporate data to the cloud is that they lack visibility into what the cloud provider’s IT admins are doing with their sensitive business data at any point in time.
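The two checks described above, a per-user activity baseline that flags a sudden mass copy and a rule that flags privileged accounts reading business data, as an added example written for this post (not Varonis or DatAdvantage code); the audit records, account names and share paths are constructed for illustration:

```python
import statistics
from collections import defaultdict

# Constructed audit records (day, user, action, path); an illustrative stand-in,
# not output of any real product.
AUDIT = [(f"2012-12-0{d}", "alice", "read", f"/shares/finance/doc{i}.docx")
         for d in (3, 4, 5) for i in range(2)]
AUDIT += [("2012-12-06", "alice", "copy", f"/shares/finance/doc{i}.docx")
          for i in range(40)]                      # mass copy the day before resigning
AUDIT += [(f"2012-12-0{d}", "bob", "read", "/shares/eng/spec.docx") for d in (3, 4)]
AUDIT += [("2012-12-05", "itadmin", "read", "/shares/it/scripts/backup.sh"),
          ("2012-12-05", "itadmin", "read", "/shares/customers/records.csv")]

ADMIN_ACCOUNTS = {"itadmin"}                               # assumed privileged accounts
BUSINESS_DATA = ("/shares/finance", "/shares/customers")   # assumed sensitive paths


def daily_counts(records):
    """Events per user per day."""
    counts = defaultdict(lambda: defaultdict(int))
    for day, user, _action, _path in records:
        counts[user][day] += 1
    return counts


def deviation_alerts(records, sigma=3.0, min_history=3):
    """Return (user, day, count) where a day's activity exceeds that user's own
    baseline by more than `sigma` standard deviations (deviation floored at 1
    event so a perfectly flat history still yields a usable threshold)."""
    alerts = []
    for user, per_day in daily_counts(records).items():
        days = sorted(per_day)
        for i, day in enumerate(days):
            history = [per_day[d] for d in days[:i]]   # only earlier days form the baseline
            if len(history) < min_history:
                continue
            threshold = statistics.mean(history) + sigma * max(statistics.pstdev(history), 1.0)
            if per_day[day] > threshold:
                alerts.append((user, day, per_day[day]))
    return alerts


def admin_data_access(records):
    """Privileged accounts touching business data rather than infrastructure paths."""
    return [r for r in records
            if r[1] in ADMIN_ACCOUNTS and r[3].startswith(BUSINESS_DATA)]


if __name__ == "__main__":
    for alert in deviation_alerts(AUDIT) + admin_data_access(AUDIT):
        print("ALERT", alert)
```

On this data the baseline check fires only for alice's 40-file copy day, and the admin rule fires only for the customer-records read, not for the admin's own script directory.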
Source: Forrester, Forrsights Security Survey, Q3 2010