General disaster: What could have prevented Paula

09.03.2017

Paula Broadwell, the paramour and biographer of CIA director David Petraeus, was found with large amounts of classified government documents in her home and on her laptop. Could a military-grade Data Loss Prevention (DLP) solution have stopped this data breach from happening?

Not completely, but it certainly would have reduced the total amount of lost data. Depending on the specific DLP features available, her activity should have triggered advance warnings about what she was doing and give investigators a clear data trail to follow afterwards.

During the uncovering of Paula Broadwell's relationship with four-star general David Petraeus and then CIA director, FBI investigators discovered she had classified military materials in her home and on her laptop. According to various news reports, Petraeus and Broadwell have told investigators that Petraeus was not the source of the materials. Broadwell, a lieutenant colonel in the US Army reserves, had security clearance, but this did not include the right to have classified data in an unsecured location.

Investigators are inventorying the classified data – both printed and in electronic form – and analyzing how it traveled to Broadwell's suburban house. These are all questions that a DLP solution can answer: what data was taken, where did it come from, and how did it to its final destination.

In a nutshell, DLP works like a librarian; overseeing who is allowed in various library departments, monitoring individual activity, and controlling what data goes out of the building. Even if a person has top clearance, it is still important to know what they are doing. Data Loss Prevention (DLP) solutions like Safetica Endpoint Security DLP are designed to keep the good data inside a company. Additional features in Safetica DLP enable controls on printers, the use of portable memory devices, and the monitoring individual computer activities – features which might have been useful in the Broadwell case.

The Broadwell case is not an accidental leak nor is it the work of a malicious insider. It is best called an intentional leak – data gone AWOL, all with the best of intentions.

Author
Safetica team

Next articles

Data security Blog articles

Dedicated DLP vs. Integrated DLP: Which makes most sense for your organization?

While researching DLP solutions for your organization, you might’ve come across two different variants: dedicated DLP (also known as enterprise DLP) and integrated DLP. In simple terms, a dedicated DLP is a dedicated data loss prevention system. An integrated DLP is an extension to an already existing program used within the organization. Read more.
Read more
Data security Blog articles

The Top 6 Biggest Data Leaks of 2022

Last year, that the average global cost of a single data breach was USD 4.35 million – a 2.6% increase from 2021. Read about the top 6 biggest data leaks of 2022, and find out why data protection is so much needed.
Read more
Data security Blog articles

Top 4 reasons why financial institutions should use Safetica

One of the most vulnerable industries in the data protection realm is financial services. In the financial industry, the estimated average cost of a data breach was $5.97 million – the second highest only after the healthcare industry. That's not a small amount!
Read more