Professional Documents
Culture Documents
W H I T E PA P E R
The New Face of the of affecting any organization whose confidential
information is critical to its reputation and business
Insider Threat performance.
The current news blitz regarding the massive breach
of secret State Department cables to the WikiLeaks Insider theft of sensitive data is not new. WikiLeaks is
website overlooks some important questions about its just the latest outlet for the disaffected individual to
root causes: Where did the leaked data come from? be amplified in our interconnected world. Founded in
What are the motivations behind the individual or 2006 to be a safe haven for whistleblowers, WikiLeaks
individuals leaking the data? And, finally, is there any has published stories on government corruption in
way to prevent sensitive government and company Europe and Africa, and exposed the controversial
data from showing up on sites like WikiLeaks? Copenhagen Accords on climate change. It has
only recently made global headlines thanks to PFC
The information supplied to WikiLeaks, and to future Bradley Manning’s (and perhaps others) alleged theft
“social justice” websites, comes from trusted insiders; of US Military and US State Department information.
privileged users within governments and However, unlike historical insider threats, once
companies from where the data is stolen. They are co- WikiLeaks publishes data, it is available to the entire
workers, often with the most critical responsibilities, free world instantly and without containment.
who have been trusted with access to very sensitive
information to accomplish their jobs. The new wrinkle WikiLeaks brings is its ability to
provide an unprecedented level of public visibility
As with many Internet sites information can be sent to private information from any source, about any
to WikiLeaks securely and anonymously. And, if the subject, and with the express intent to subvert
leaker is known, WikiLeaks will go to great lengths to authority. To some individuals, like alleged data
protect the individual’s identity. This lack of personal thief PFC Manning, the risk of being caught does
accountability eliminates much of the moral hazard not outweigh the reward of making public sensitive
that deters otherwise risk-averse users from exposing and potentially embarrassing information to wield a
sensitive data. With secure sites purpose-built to grudge or promote a “social justice” cause. These
shelter them, a much wider pool of potential violators activist personalities not only have a global platform
can now consider such subversion with little fear of from which to share the data they have stolen, they
repercussion. also have the ability to compromise huge amounts
of information more quickly and efficiently than
In this new reality it is impossible to know who might ever before. Thanks to cheap storage devices like
compromise sensitive information, and the risk is not removable media found almost anywhere; DVD/CD
limited to the government or military. For instance, burners standard on every computer; large storage
would a case manager at a healthcare insurer leak webmail, secure FTP access; and wireless networks,
preliminary and unconfirmed research data in hopes employees with personal agendas will be more
of publically pressuring the company to cover an likely to jeopardize their careers in order to make a
experimental treatment for a terminally ill friend? Or, passionate statement.
perhaps a bank executive, disgruntled because of
a missed promotion or lost bonus, leaks a “health But the effect of insider data theft goes beyond
check” audit from the Federal Reserve — or even social justice, and can have a substantial economic
potentially embarrassing personal data about a impact from board rooms to consumers around the
senior manager; the list goes on, with the real risk world. Historically, the objective of sensitive data theft
Corporate Headquarters
404 Wyman Street
Waltham, MA 02451 USA
info@verdasys.com
781-788-8180
www.verdasys.com
© 2011 Verdasys, Inc. All Rights Reserved. Verdasys, the Verdasys logo, Enterprise Information Protection, EIP, Digital Guardian and the Digital Guardian logo
are trademarks of Verdasys, Inc. All other logos are the property of their respective owners. The content of this document is subject to change without notice. XXX 01-13-11