Via Darkreading -
Rene Rebollo was strapped for cash. One day, while working in his office at the Pasadena branch of Countrywide Home Loan, he noticed one computer in the building whose USB port hadn't been disabled by the company's IT department. Then, according to FBI affidavits, Rebollo got an idea.
Every Sunday night for approximately two years, Rebollo went over to that workstation and downloaded confidential data on as many as 20,000 Countrywide customers to a small USB drive that he could carry out of the office in his pocket. He then sold the valuable data for as little as $500 to an accomplice, who fenced it. Over the two-year period, Rebollo may have sold as many as 2 million records, according to some estimates.
Rebollo's case, which caused a nationwide stir and a huge black eye to Countrywide, was highly publicized but hardly unique, experts say. In fact, as the global economy worsens and employees become more fearful of layoffs and financial distress, there already is an increasing incidence of insider sabotage, espionage, and theft.
In a report scheduled for release later today, IBM's ISS X-Force research team will reveal that it has detected a 30 percent increase in network and Web-based security events in the past 120 days, with the total number rising from 1.8 billion per day to more than 2.5 billion worldwide. The researchers attribute a significant portion of the uptick to insider activity motivated by economic fear.
"Unlike a 'quick firing,' tens of thousands of employees are readying themselves for the eventuality of losing their jobs -- and no doubt a high percentage of them [will be] 'disgruntled,'" said IBM security expert Gunter Ollmann in a blog earlier this year. "In today's computer-based work environment, with a little planning and forethought, a disgruntled employee can do a lot of damage with little fear of being caught and prosecuted."
And employees are becoming more and more willing to do just that, according to a study released earlier this week by Cyber-Ark Software. According to the study, 56 percent of workers surveyed admit to being worried about losing their jobs. "Alarmingly, in preparation, more than half have already downloaded competitive corporate data and plan to use the information as a negotiating tool to secure their next post," the study says. In Holland, 71 percent of workers confessed to having already downloaded data; 58 percent of U.S. workers say they have done so.
When confronted with the prospect of layoffs, 71 percent of the employees surveyed declared they would definitely take company data with them to their next employer, Cyber-Ark says. "Top of the list of desirable information is the customer and contact databases, with plans and proposals, product information, and access/password codes all proving popular choices," the study says.
Such surveys offer a frightening view of what's going through employees' minds in the face of economic strife. But are these insider attacks really happening? "Absolutely," says Kevin Rowney, founder of the data loss prevention (DLP) unit at Symantec, formerly known as Vontu. "Every day we're stopping more and more of these sorts of events -- many more than we saw before the downturn. It's a sad fact that rates of employee fraud rise in a down economy."
-----------------------------
I would hardly say these are "new threats"...as this has happened over and over again - bad economy or not. But given these hard times, the threat is set to grow and everyone in the corporate security world should be on the watch....
No comments:
Post a Comment