Posted by Kevin on January 6, 2015.
The nightmare scenario is so scary and so difficult to contain that it is best ignored. That nightmare is the rogue insider who knows your network and already has authorized access. You cannot function without such people; you can only hope they don’t go bad.
The Sony incident, explains Jonathan Sanders, strategy & research officer for STEALTHbits Technologies, “is like looking in a mirror for many other organizations. They know their insiders could own them just as easily if they wanted to. They know the people use their systems to say potentially embarrassing things about clients, partners, famous folks, and more. They know that they are a few clicks away from being Sony, but even with that threat they still feel like they can’t communicate the need for urgent change to executives. The old balance between convenience and security still leans toward convenience even in the face of Sony’s public meltdown.”
The latest company to look into that mirror and see the nightmare is Morgan Stanley. It said in a statement yesterday,
While there is no evidence of any economic loss to any client, it has been determined that certain account information of approximately 900 clients, including account names and numbers, was briefly posted on the Internet. Morgan Stanley detected this exposure and the information was promptly removed.
Overall, partial account information of up to 10 percent of all Wealth Management clients was stolen. The data stolen does not include account passwords or social security numbers.
The culprit seems to have been an insider who has already been fired. It is suggested that the 900 client details were discovered on Pastebin being offered for sale, and that 350,000 records in total (10% overall) were actually stolen. The culprit seems to have admitted the theft but denied the post.
Morgan Stanley’s best hope is that he is lying. To have been tracked so easily (although there is no indication from Morgan Stanley over when the breach actually occurred) suggests that he may have been a competent insider, but he is certainly an incompetent criminal.
However, if he is telling the truth, then somebody else subsequently stole the information from him and did the post. That would then suggest that the 350,000 records are in the hands of a potentially more competent criminal. And that would be an altogether more worrying situation.
Whatever way you look at it, the insider gone bad is one terrible problem.