
11/9/2011
07:27 PM

Risk Management Pro Walked Off With Company Data

Computershare case sheds light on mitigating rogue insider threat

Financial services and technology provider Computershare confirmed today that a former employee took confidential company data upon her departure from the company, but not shareholder data as was originally suspected.

Computershare earlier this year filed a lawsuit in U.S. District Court in Massachusetts to recover IT devices containing potentially sensitive information that former employee Kathyann Pace had taken when she left the company.

"Our employee handbook clearly states that all Computershare property must be returned upon termination of employment. As this was not forthcoming, we took appropriate action to ensure that no kind of confidential information remained in the possession of this ex-employee. Our approach in these cases is consistent, so this naturally included determining whether any confidential company information or proprietary or confidential shareholder information remained in their possession," a Computershare spokesman said today.

The lawsuit resulted in the recovery of the IT devices. "As a direct result of the lawsuit being filed, we were able to gain access to the individual’s IT devices, and a forensic investigation was able to verify that the information that resided on the individual's IT devices did not include confidential shareholder data, though it did include confidential company information," said the spokesman, who was unable to comment specifically on the case as it remains in litigation.

"All Computershare information was purged from the devices turned over by the employee during litigation," the spokesman said.

News of the apparent rogue insider case was first reported on Threatpost yesterday, revealing that Computershare had charged in the lawsuit that Pace had pilfered thousands of pages of company documents after illegally siphoning them onto a USB drive and then reportedly losing the drive. Pace, who ironically was a risk management auditor for the firm, reportedly held onto her company-owned laptop for several weeks after leaving the firm.

Threatpost reported today that Computershare still had not recovered two USB drives housing sensitive company email and documents. Pace reportedly claimed to have lost the USB drives on which she had copied the company data, but a subsequent forensics investigation revealed that she had copied the data onto her laptop and USB drive.

While many insider threat cases are the result of human error or inadvertent data leakage, it's cases like Computershare's that give enterprises the chills. "The majority of lost USBs are truly accidents and not malicious in nature. Whether a drive is misplaced, lost, or stolen, there can be ramifications," says John Terpening, secure USB manager for Kingston.

Terpening cites a recent Ponemon Institute report that found that during the past two years, 47 percent of IT professionals worldwide said their organization lost a USB drive containing confidential information. "However, in situations where people do have access to information of value, and theft is made easy by the lack of controls, the likelihood of data theft by insider is a real possibility. Taking a few simple steps can go a long way to reduce this threat," Terpening says.

Policy is key, he says. "The best steps any organization can take to minimize damage is have a policy in place before something happens. A policy can be as simple as deploying secure, encrypted USB Flash drives or to do that in combination with a managed solution. When a company sets up a policy, it has to be enforced," he says.

But Ashok Devata, director of DLP products for RSA, says many companies struggle when it comes to getting visibility into where their sensitive data lives and who can access it, as well as managing access and revoking it when an employee leaves.

"A strong DLP program can offer such visibility and provide organizations a content-aware perspective to risk and threat management," he says. "For example, organizations can enforce DLP policies that prevent end users from copying certain type of data to USB drives, and even alert the security staff if multiple attempts are made to copy such data."


Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...
