I was thinking today about how much of my data is in the cloud with different service providers. My email is hosted by Gmail. My chats are on gmail, Slack, Skype, etc. My Twitter DMs. All of this is "guaranteed" to be private by the service providers, but as we've seen with NSA's recent problems with Snowden and Martin, even the most secure environments have leaks. I'm not that interesting, so it's unlikely any service provider insider would leak my personal data. But what data might they be motivated to leak?
As I was considering the "service provider insider" idea, I thought about two distinct scenarios where an insider might be tempted to leak data. I'm sure there are more, but the two I can think of off hand are someone shorting a stock and someone influencing an election.
Election tampering
There are radicals on both sides of the aisle who probably view job loss, financial penalties, and perhaps even jail time (let's be honest, it wouldn't be much) as a small price to pay for swinging a presidential election. I'm sure that Trump and Clinton have both said things using service providers (whether Twitter DM, Gmail, Skype, etc.) that they'd like to forget. I know I have. If someone released non-public data from a candidates communications, that could easily swing an election. This is probably more damaging in smaller races, but depending on the data released, I could see a national election turning.
Stock shorting
If you mined non-public data (like Gmail does all the time), you might find information that leads you to believe that the price of a particular stock is going to fall. In this case you can short the stock and reap the rewards. But what if you short the stock and the stock price rises, possibly because the damaging information hasn't come to light? Leak that data and cash in on that lower stock price! Of course this is illegal, but that's not the point.
Where is your data?
If you've got the easy stuff checked off for infosec, step back for a moment and consider what damage your non-public data could do to your organization. Insider threats are real. Most mature infosec organizations understand insider threats and are looking for insiders in their organizations (with varying levels of success). But are you considering the threats an insider at a business partner, service provider, or other trusted party?
Closing thoughts
A good data inventory will help organizations prepare for insider threats, no matter where they occur. Tabletop exercises are invaluable in evaluating your insider detection and containment strategies. If you need help with a tabletop, please hit me up over at Rendition Infosec and we'll be happy to help.
As I was considering the "service provider insider" idea, I thought about two distinct scenarios where an insider might be tempted to leak data. I'm sure there are more, but the two I can think of off hand are someone shorting a stock and someone influencing an election.
Election tampering
There are radicals on both sides of the aisle who probably view job loss, financial penalties, and perhaps even jail time (let's be honest, it wouldn't be much) as a small price to pay for swinging a presidential election. I'm sure that Trump and Clinton have both said things using service providers (whether Twitter DM, Gmail, Skype, etc.) that they'd like to forget. I know I have. If someone released non-public data from a candidates communications, that could easily swing an election. This is probably more damaging in smaller races, but depending on the data released, I could see a national election turning.
Stock shorting
If you mined non-public data (like Gmail does all the time), you might find information that leads you to believe that the price of a particular stock is going to fall. In this case you can short the stock and reap the rewards. But what if you short the stock and the stock price rises, possibly because the damaging information hasn't come to light? Leak that data and cash in on that lower stock price! Of course this is illegal, but that's not the point.
Where is your data?
If you've got the easy stuff checked off for infosec, step back for a moment and consider what damage your non-public data could do to your organization. Insider threats are real. Most mature infosec organizations understand insider threats and are looking for insiders in their organizations (with varying levels of success). But are you considering the threats an insider at a business partner, service provider, or other trusted party?
Closing thoughts
A good data inventory will help organizations prepare for insider threats, no matter where they occur. Tabletop exercises are invaluable in evaluating your insider detection and containment strategies. If you need help with a tabletop, please hit me up over at Rendition Infosec and we'll be happy to help.
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.