There is little excuse when an employee is granted access to data inappropriately. It’s even worse when that access is granted across lines of business without apparent reason. Worse still is when access to sensitive personally identifiable information (PII) and financial data is treated in that sloppy manner. If you also chuck in the fact that the business that gathered this sensitive data had been out of business for years, then you understand why the Barclays breach has got so many people upset. The people who had their data stolen are even more angered by the fact that it was, for the most part, their own sleuthing that exposed all this. To make matters worse, it was only after a kind-hearted whistleblower decided to come forth to the authorities with a memory stick containing files corresponding to 2,000 bank customers that this data breach finally came to light. Otherwise, it’s very possible that the boiler-room investing operations and scams that resulted from the breach could still be occurring today.
The cause of all this wasn’t someone raiding backup tapes, either. For reasons that remain unclear, these were files sitting on the active network. These files contained tons of sensitive data from the defunct finance operation at Barclays. They remained dormant for years. This was a crime of opportunity. Some enterprising person realized they had access to the data. I guess “Angry Birds” wasn’t entertaining enough for them that day. They went clicking around, found this data, and figured out there was money to be made selling it. So they used their “legitimate” access to the files to grab them in bulk and begin to sell them off. There are so many ways this could have been prevented. Better governance over access to this unstructured data, scanning for sensitive data to discover where better controls are needed, seeking stale rights that have not been used in a very long time, tracking activity to see suspicious spikes like a huge movement of files that have not been touched in years – and that’s only naming a few.
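As an added illustration of the last control named above (it is not code from this post or from any STEALTHbits product), the sketch below flags a user who reads several long-untouched files in a short span. The pipe-delimited event format, the thresholds, and the user and path names are all assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

DORMANT_AFTER = timedelta(days=365)  # assumed: idle for a year counts as dormant
WINDOW = timedelta(hours=1)          # assumed span that defines a "spike"
THRESHOLD = 3                        # assumed; kept tiny so the sample triggers it


def parse(line):
    """Constructed format: event_time|user|path|previous_access_time (ISO 8601)."""
    when, user, path, prev = line.strip().split("|")
    return datetime.fromisoformat(when), user, path, datetime.fromisoformat(prev)


def dormant_bulk_reads(lines):
    """Return {user: sorted paths} for users who read at least THRESHOLD
    distinct dormant files inside any WINDOW-long span."""
    per_user = defaultdict(list)
    for when, user, path, prev in sorted(parse(l) for l in lines if l.strip()):
        if when - prev >= DORMANT_AFTER:   # file had been idle before this read
            per_user[user].append((when, path))
    alerts = {}
    for user, reads in per_user.items():
        start = 0
        for end in range(len(reads)):
            while reads[end][0] - reads[start][0] > WINDOW:
                start += 1                 # slide the window's left edge forward
            paths = {p for _, p in reads[start:end + 1]}
            if len(paths) >= THRESHOLD:
                alerts.setdefault(user, set()).update(paths)
    return {u: sorted(p) for u, p in alerts.items()}


# Constructed sample events, not real audit data.
SAMPLE = """
2014-01-10T09:00:00|asmith|/finance/active/q4.xlsx|2014-01-09T17:00:00
2014-01-10T09:05:00|jdoe|/finance/legacy/cust_001.csv|2009-03-01T12:00:00
2014-01-10T09:06:00|jdoe|/finance/legacy/cust_002.csv|2009-03-01T12:00:00
2014-01-10T09:07:00|jdoe|/finance/legacy/cust_003.csv|2009-03-02T08:30:00
2014-01-10T14:00:00|asmith|/finance/legacy/cust_001.csv|2014-01-10T09:05:00
2014-01-11T10:00:00|bwong|/finance/legacy/cust_004.csv|2008-11-20T10:00:00
""".splitlines()

if __name__ == "__main__":
    for user, paths in dormant_bulk_reads(SAMPLE).items():
        print(f"ALERT {user}: {len(paths)} dormant files within {WINDOW}: {paths}")
```

A single read of an old file (bwong) and a re-read of a file that was just touched (asmith) stay quiet; only the burst across dormant files raises an alert.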
Jonathan Sander is STEALTHbits’ Chief Technology Officer (CTO). As CTO, he is responsible for driving technical innovation, ensuring that STEALTHbits is well positioned in their current and emerging markets, and he will also lead corporate development efforts. Jonathan also plays the role of evangelist at STEALTHbits venues large and small. Prior to STEALTHbits, Jonathan was VP of Product Strategy for Lieberman Software.
As part of Quest Software from 1999 through 2013, he worked with the security and ITSM portfolios. He helped launch Quest’s IAM solutions, directing all business development and product strategy efforts. Previous to that, Mr. Sander was a consultant at Platinum Technology focusing on the security, access control and SSO solutions. He graduated from Fordham University with a degree in Philosophy.