When we were at VMWorld conducting a short, informal survey, participants were overwhelmingly aware of the responsibility they carried and the tremendous value of the data to which they had access. IT staff boasted that the data they presided over was worth plenty more than $20 million. What we didn't hear is, "but I would get busted for sure." In fact, many felt it would be relatively easy to get away with it.
Having accountability after the fact isn't an option. Employees need to know in advance that they carry a great burden, that violating the burden will result in discharge and that they will be caught. This entails having log-ins, monitoring, approvals and other processes that make it really clear about who has access to what and when. After the fact forensics are fine, but staff members need to feel the accountability beforehand and know that they won't get away with it before the attempt is even made.
Obviously, WikiLeaks sources are shrouded in mystery. Often, one major unveiled leak is the combination of hundreds of smaller leaks about the same organization or event. The only thing we know about how the leaks occur is that someone goes to WikiLeaks.org and submits materials. Even WikiLeaks doesn't keep records of where the submissions come from.
On that note, it's reasonable to suspect that not all the leaks come directly from employees. Malware developers and hackers who are after profit often get confidential data for which they don't have any use. WikiLeaks has made it very easy and convenient for any party to contribute to expose company secrets.
In addition to the insider threat, we all need to take a long, critical look at how we protect our data from outsiders-even friends and family of staff-to keep our company secrets, secret.
Jim Zierick is Executive Vice President of Product Operations at BeyondTrust. Jim is responsible for the development, methodology and process of one of BeyondTrust's solution suites. Jim also leads global initiatives to drive growth and technical thought leadership. Prior to joining BeyondTrust, Jim served as a serial CEO at Nirvanix, LogicalApps and Aspyra. Jim has also held senior positions at Oracle, Peregrine Systems and Hewlett-Packard. He can be reached at firstname.lastname@example.org.