Lost in the high profile media attention around WikiLeaks is the simple fact that WikiLeaks reflects a common security risk all organizations face - the threat from insiders. While the sensitive nature of the WikiLeaks data has resulted in more media attention, the reality is that insider attacks are happening all the time. Case in point is this week's story that the SEC has charged an employee of a Delaware law firm and his brother-in-law with insider trading.
At first glance, this appeared to be a plain vanilla insider trading case (like this one) in which an insider has access to confidential information and shares it with a relative or associate to generate profits. Note, fans of Oliver Stone's "Wall Street" should still check out that vanilla insider trading case.
As I read the SEC lawsuit, I saw that this case was a bit different. The insider charged in this case was the law firm's IS Manager and Security Officer whose functions included "... to maintain the security and confidentiality of the Law Firm's electronic files, as well as to maintain the security and confidentiality of any information to which he had access in his capacity as an employee and/or representative of the Law Firm." Furthermore, the lawsuit indicates that the suspect was "...required, annually, to certify his compliance with all of the policies and procedures set forth in the Law Firm Manual."
On the surface, the employer had hired a responsible employee who managed IT security and agreed to follow all the company's policies and procedures. In reality, the employee was allegedly using his position to collect confidential information and rubber-stamping his acceptance of the policies. And evidently, the firm's auditing of the security officer's actions was either non-existent or incomplete.
This story should be a reminder that regardless of your organization's line of business, you are still susceptible to an insider attack and that vigilance is required at all times. It also shows (unfortunately) that even those in security roles can be the culprits. And once again, it demonstrates the importance of implementing appropriate security controls like identity and access management - and in this case privileged user management - to help mitigate the insider threat.
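The control that was apparently missing here is an independent review of what the security officer himself touched. The following is an added illustration (not code from the SEC case or from any product) of that idea: it scans a constructed access log and flags confidential-file reads by privileged roles that were either never reviewed or were "reviewed" by the same person who performed them. The log format, the role names and the CONFIDENTIAL label are assumptions for the example.

```python
"""Flag privileged-user reads of confidential files that lack an independent review."""
from dataclasses import dataclass

# Constructed sample log (not from the SEC complaint). Fields, whitespace separated:
# timestamp user role action path classification reviewer=<user or - for none>
SAMPLE_LOG = """\
2010-12-13T09:02:11 jdoe     attorney    read /matters/merger_x/term_sheet.docx CONFIDENTIAL reviewer=-
2010-12-13T09:40:52 secadmin sec_officer read /matters/merger_x/term_sheet.docx CONFIDENTIAL reviewer=-
2010-12-13T10:15:03 secadmin sec_officer read /matters/acq_y/board_minutes.pdf  CONFIDENTIAL reviewer=secadmin
2010-12-13T11:00:00 secadmin sec_officer read /it/backup_policy.txt             INTERNAL     reviewer=-
2010-12-13T11:30:45 secadmin sec_officer read /matters/acq_y/due_diligence.xlsx CONFIDENTIAL reviewer=partner1
"""

# Roles whose access spans the whole file store and therefore needs second-person review (assumed names).
PRIVILEGED_ROLES = {"sec_officer", "sysadmin"}


@dataclass(frozen=True)
class Finding:
    timestamp: str
    user: str
    path: str
    reason: str


def parse_line(line):
    """Split one log line into a dict; the reviewer field is '-' when nobody reviewed the access."""
    ts, user, role, action, path, label, reviewer = line.split()
    return {"timestamp": ts, "user": user, "role": role, "action": action,
            "path": path, "label": label, "reviewer": reviewer.split("=", 1)[1]}


def audit_privileged_access(log_text, privileged_roles=PRIVILEGED_ROLES):
    """Return findings for confidential-file access by privileged roles with no independent reviewer."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        # Only privileged roles touching confidential material are in scope for this check.
        if ev["role"] not in privileged_roles or ev["label"] != "CONFIDENTIAL":
            continue
        if ev["reviewer"] == "-":
            findings.append(Finding(ev["timestamp"], ev["user"], ev["path"], "no independent review"))
        elif ev["reviewer"] == ev["user"]:
            # The actor signing off on his own access is the rubber stamp the post describes.
            findings.append(Finding(ev["timestamp"], ev["user"], ev["path"], "self-reviewed"))
    return findings


if __name__ == "__main__":
    for f in audit_privileged_access(SAMPLE_LOG):
        print(f"{f.timestamp} {f.user} {f.path}: {f.reason}")
```

The attorney's read on the first line is out of scope for this particular check (it falls under ordinary need-to-know review), and the read reviewed by `partner1` passes; the two unreviewed and self-reviewed security-officer reads are what an auditor would want surfaced.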
I encourage readers to look at CERT's website. They have excellent research on insider theft and their blog has good insights on motivations behind insider theft.