follow-up (Fidelity): The Cybercriminal Inside

[security curmudgeon <jericho () attrition org>]

---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.forbes.com/business/2007/07/10/computer-security-internal-biz-biztech-cx_ag_0710mcafee.html

By Andy Greenberg
Forbes.com
07.10.07

The data breach that occurred at Fidelity National Information Services 
last week was a security professional's nightmare. And not just because of 
the amount of raw consumer data spilled onto the black market. By that 
measure, the 2.3 million users' files that were leaked can't compare with 
the 45 million customers' account information lost by retailer T.J. Maxx 
(nyse: TJX - news - people ) just last January.

In Fidelity's case, the volume of the theft was less troubling than the 
source: one of the company's own staff. After the breach, Fidelity 
revealed that the culprit was an employee at the payment processing 
company, one whose job granted him access to the company's database.

In fact, data breaches that come from internal issues arent unusual. 
According to Attrition.org's Data Loss Database, 104 of the 327 data 
breaches last year started inside companies, not in the hands of hackers.

And Martin Carmichael, chief security officer at McAfee Software (nyse: 
MFE - news - people ), says that internal data breaches are more likely 
than external attacks to reveal key private information. But how to 
protect servers when every employee is a potential data thief? Carmichael 
spoke with Forbes.com about Fidelity's data debacle, how that company and 
other breach victims can recover, and the problem of controlling 
employees' access to data without paralyzing their performance altogether.

Forbes.com: How should a company like Fidelity have protected itself from 
a data breach?

Martin Carmichael: When we look at Fidelity, it's a common situation: 
Companies are focusing on the perimeter between the company network and 
the external network. In the press you read cases about hackers and 
Trojans that come in from the outside and devastate companies. But if you 
look at the statistics, that's not where the biggest losses occur. More 
often they happen when an inside person takes assets or information.

So many companies are focused on perimeter security, when they should be 
asking, "What does our infrastructure look like? What are we doing to 
assure compliance within the boundaries of our firewall?", looking at that 
internal structure as well as that external structure.

[..]
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 211 million compromised records in 717 incidents over 7 years.