As 2013 closes and we step into 2014, it is time to identify the number one industry hero and the main buzzwords of our time.
The most influential person of the year is clearly Edward Snowden. Whether or not you agree with what he did, Snowden set off a domestic and international avalanche as the public and governments reacted to knowledge about the US National Security Agency’s surveillance activities. Yes, he brought a lot of attention to the concept of the insider data leak. And it looks like there are more rabbits about to come out of his hat in 2014.
Apart from the data that Snowden has so far released, there is also the NSA itself. This huge governmental agency has reacted in three very common ways to an insider leak. Here they are:
- Portray the insider as diabolically clever – As reports broke about the leak, there were several reports in the press about how smart Snowden was as a system administrator and hacker. While I believe Snowden is intelligent and had specific targets in his data acquisition activities, this portrayal is a cop-out. On average, research from Carnegie Mellon's CERT Coordination Center has found that insider data leaks were not especially complicated. This is an organizational response called CYA.
- Lack of organizational capacity – There were several articles about how the NSA just did not have the personnel capacity to install proper monitoring or data loss prevention software. Well, this could actually be a valid excuse. Historically, content DLP solutions – as I assume the NSA was wanting to implement – have a high failure rate because of their incredible complexity. Companies need to get a DLP/monitoring solution that fits their needs and organizational capacity.
- Unknown losses – It still is not clear what data Snowden took with him. This can be chalked up to the lack of an effective monitoring or DLP solution, Snowden’s ability to efficiently go around existing restrictions and hide his tracks, or an organization that has simply had no handle on its internal activities. Unlike companies that will be forced by new laws to publicly report the extent of their data losses, the NSA can hide as a matter of national security. Your company won't be able to use this excuse.
Industry gets a new buzzword
My hope for 2014 is that the security industry gets a different buzzword than APT. Yes, Advanced Persistent Threats are real, but the name is just so theatrical. The same term can apply to children with a can of paint. Unfortunately, I don’t have a good replacement term ready. It is difficult to form a catchy term for hardworking employees that email sensitive data by mistake (HEEDM) or office drones on Facebook (ODFB).
Because when it comes to data protection and monitoring, the biggest losses aren’t dramatic; they are just quiet leaks.