Oops, we lost a few terabytes! NBD!

December 11, 2012

Earlier this week, Swiss intelligence agency (NBD) warned US and UK counterparts that they might have lost terabytes of top secret data due to insider theft by a disgruntled IT admin.  Reminds me of this xckd:

Chain of Command

We emphasize insider threats and the importance of zero trust all the time at Varonis.  Yes, it’s extremely important to secure the perimeter walls and use data loss prevention to protect endpoints.  But perimeter defense is far more straightforward, if nothing else, than defending against those who appear to be on your team – Kingslayers.

Inside jobs happen over and over again because they’re so hard to stop. According to a Forrester survey in 2010 [1], 43% of data breaches were caused by “trusted” insiders.  Just a few months ago, I wrote about the Zynga employee who, upon leaving the company, felt compelled to take 763 documents—including business plans and other IP—along with him.

So what do we do about it?  The answer is actually in Varonis’ mission statement: we ensure that that only the right users have access to the right data at all times from any device, all use is monitored, abuse is flagged.

Where do you stand in the battle against insider threats?

Are you alerted when statistical deviations in file system and email activity occur?

We jokingly call this our early resignation detection system since, sometimes, when someone is about to resign, they copy everything they’ve ever worked on.  But the alerting system in DatAdvantage was primarily designed to detect suspicious and potentially harmful behavior.

Are you alerted any time someone is granted admin-level access?

One of the top use cases for DatAdvantage for Directory Services is to always know exactly when someone is given super user rights, who granted it, when, and why.  And perhaps even more importantly, we can see what they’re doing with that access.

Do you know when IT administrators can, and do, access business data?

There’s likely no good reason for an IT admin to be rifling through customer records, changing the contents of business data, or deleting files without justification.  If you can say for certain that this isn’t even possible, you’ll be able to prevent a situation like NBD’s.  Incidentally, one of the core reasons businesses cite for not wanting to move corporate data to the cloud is that they lack visibility into what the cloud provider’s IT admin are doing with their sensitive business data at any point in time.

If you’d like a free data protection assessment to find out if your environment is at risk, sign up here.

[1] Source:Forrester, Forrsights Security Survey, Q3 2010

Related articles

Leave a Comment » | Application Hosting, Managed Service Hosting, Marketing | Tagged: , , , , , , , , | Permalink
Posted by david ricketts

On Employee Data Theft

October 29, 2012

Last week Zynga, the social gaming company famous for Farmville and Cityville, filed a lawsuit against former employee Alan Patmore for making off with 763 documents—including business plans and other intellectual property—and  bringing them to competitor Kixeye.  Patmore doesn’t deny the claim.

It hasn’t been confirmed exactly how Zynga discovered that Patmore nabbed the documents, but I wonder if software, not a human, sounded the alarm.

Sadly, this kind of unethical behavior happens more frequently than you’d think.  According to Cyber-Ark’s 2012 global Trust, Security and Passwords Survey, slightly less than half of respondents admitted that if they were fired today, they would pocket proprietary data – even knowing it wasn’t allowed.

Other findings from the survey:

  • 45% said they have access to information that is not relevant to their role
  • 42% indicated they have used admin credentials to access information that was marked confidential
  • 55% believe competitors have obtained their company’s  intellectual property

The Zynga case underscores organizations’ need to ensure that only the right users have access to the right data at all times, access is monitored, and abuse is flagged.

For every person who is caught stealing intellectual property from an employer, how many fly under the radar?  Insider threats are something organizations need to take seriously.

Want to find out if suspicious behavior is occurring in your environment?  We’ll show you.

Related articles

Leave a Comment » | Application Hosting, Managed Service Hosting | Tagged: , , , , , , , , , , , | Permalink
Posted by david ricketts

The ecosystem around Facebook is growing at a rapid pace.

August 3, 2011

Image representing Facebook as depicted in Cru...

Image via CrunchBase

Facebook growth stats fill countless blogs, comments and ebooks, and although they have recently lost a few users in certain countries their growth in others is still phenomenal. One of the most interesting developments for us is the ecosystem that is being spawned around the “worlds 3rd largest” country.

It appears that countless agencies, media companies, designers are sprouting up to fulfill the insatiable appetite from businesses for all things Facebook. We believe that this is only the start and businesses are only limited by their imagination. The videos below show some of the ideas that are now live.

 

Related articles

Leave a Comment » | Application Hosting, Marketing, Retail IT Solutions | Tagged: , , , , , , , | Permalink
Posted by david ricketts

2010 The year that social network games became a billion $ industry

November 10, 2010

Image representing Zynga as depicted in CrunchBase

Image via CrunchBase

Following on from our presentation yesterday, i came across some interesting information reference the current and predicted size of the social media gaming market. According to the New York Times in 2010 the industry is worth $1.6 billion and is estimated to grow to $2.1 billion in 2011. With an up-to-$750 million acquisition of Playdom by Disney, Playfish‘s integration across Electronic Arts, the continued growth of Zynga, the rise of CrowdStar and Kabam, and continued venture investments, social games are impacting businesses across the media landscape. (sorry the figures are in dollars).

The social gaming area is dominated by Facebook and industry experts predict that they could have around 150 million users of credits within 5 years, turning their credit business into a billion dollar unit.

The gaming and social networking industry in the West Midlands is relatively buoyant now, however as mentioned in an earlier post I can see that there could be difficult times ahead if investment doesn’t keep the talent in the Midlands, this will be a shame as I feel the skill could enable the area to benefit from the growth.

Related Articles

Leave a Comment » | Application Hosting, Marketing | Tagged: , , , , , , , | Permalink
Posted by david ricketts

Social media and new currency

October 27, 2010

One of the big announcements at Facebooks f8 conference recently was the expansion of its official virtual currency, which is in beta currently on 100 applications. This could as mentioned by various journalists across the globe have a serious impact on the amount of revenue generated by the company. users can currently purchase credits for use in Facebook applications with credit cards, special offers, mobile phones and Paypal, and Facebook plans to add “100 or 200″ local payment options worldwide.

Considering that Facebook is now the third largest ‘country’ in the world with over 500 million citizens; and growing, could we be seeing the start of something that will have a major impact on the physical economy in the future?

Facebook is undoubtedly the darling of the tech community but i believe that we now are seeing the creation of a real link between physical and virtual, we really need to watch this space as we could all be soon buying and selling in Facebook Dollars.

Leave a Comment » | Managed Service Hosting, Marketing | Tagged: , , , , , , , , | Permalink
Posted by david ricketts

Follow

Get every new post delivered to your Inbox.

Join 753 other followers