Nipping the inside threat in the bud


No CIO wants to believe that the greatest threat to their firm’s corporate security might be on their very own payroll. Given some recently startling examples of the developing “insider risk” trend, however, the prospect is one that most IT leaders are being forced to contemplate.

Witness the details of a case involving Gary Min, a scientist at DuPont, a decade of experience under his belt working for the U.S.-based chemical giant. Released last month by the U.S. attorney’s office, they show that Min pleaded guilty to stealing proprietary data from a DuPont electronic library and taking the information with him to a new job with rival Victrex PLC out of England. Min now faces a maximum of 10 years in the slammer and a fine of US$250,000.

Although it was later discovered that Min’s downloading activity was 15 times greater than that of the next-heaviest user during the period in question, this bloating of the network pipes went undetected. Could Min’s machinations been nipped in the bud had a more rigorous network monitoring policy been in place?

Undoubtedly, yes.

The situation around inside threats and protecting against them is akin to the changing of smoke detector batteries within the home twice a year: It’s easy to put the task off and comfort oneself with the misleading thought that, “It won’t happen to me.”

Odds are it won’t, and the odds also are that one’s employees are good people with no desire to illegally profit from the stealing of the company’s data stores. But you never know for sure, unless the battery is changed or the networks monitored effectively.

Typically, in the pre-Internet age, knowledge of company secrets within most firms was tightly guarded amongst a select group of senior management members. Being at the top of the corporate heap, most had no interest in applying what they knew to any nefarious, profit-driven purposes.

The situation is drastically different today. In the era of business intelligence in which we live, sensitive corporate info is at the fingertips of a much larger percentage of an outfit’s charges than ever before. The risk of a DuPont-style catastrophe has skyrocketed — and the need for effective monitoring policies has grown right along with it.

Hiring someone to mange the monitoring process should be on the radar screens of today’s CIOs. The cost of that salary is more than worth avoiding the cost of data loss and the embarrassing PR that accompanies it. Just ask DuPont.

QuickLink 076353


Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Empowering the hybrid workforce: how technology can build a better employee experience

Across the country, employees from organizations of all sizes expect flexibility...

What’s behind the best customer experience: How to make it real for your business

The best customer experience – the kind that builds businesses and...

Overcoming the obstacles to optimized operations

Network-driven optimization is a top priority for many Canadian business leaders...

Thriving amid Canada’s tech talent shortage

With today’s tight labour market, rising customer demands, fast-evolving cyber threats...

Staying protected and compliant in an evolving IT landscape

Canadian businesses have changed remarkably and quickly over the last few...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now