Don’t Disregard the Insider

When companies create security policies designed to keep their information secure, they are often most focused upon the threat of an outsider.  Certain measures, like using secure protocols such as SSL and TLS, or using S/MIME encrypted email can help keep your information from being viewed by third parties when it is sent over untrusted networks.  Other measures, like performing hard disk encryption on your laptops help keep your information secure when a laptop is lost or stolen, or a hard drive is sold on eBay.  None of these measures will help in the scenario of a trusted insider getting access to over 1300 documents that they have no business having.

According to the complaint, Jhaveri admitted being employed by Bristol-Myers-Squibb as a Technical Operations Associate from November of 2007 until his termination on February 2, 2010. The complaint further alleges that during his employment, Jhaveri stole numerous trade secrets as part of a plan to establish a pharmaceutical firm in his native India which would compete with Bristol-Myers-Squibb in various markets around the world.

How do you protect against the insider threat?  It is one of the more complicated issues of information security and there are a lot of opinions on how to deal with it.  Certainly it has to start with understanding what information you have which needs to be protected, how damaging that information could be if it were to be lost/stolen, and then making some cost/benefit analysis decisions on the best ways to protect it.  Everything from a rights management services type of solution to a strong security event and information management (SEIM) system could be useful in preventing and detecting insider threats.