Mitigating the Threat of Data Theft by Departing Employees
James A. Martin
How Real is the Threat?
Who’s Most at Risk?
What’s at Risk?
Why Does it Happen?
High-Profile Examples
How Real is the Threat?
60% of all data breaches are an inside job (IBM, 2016)
77% (Verizon, 2017)
Sources: IBM 2016 Cyber Security Intelligence Index; Verizon Data Breach Investigations Report 2017
How Real is the Threat?
Of the 60% ‘inside job’ data breaches:
• 75% malicious
• 25% inadvertent
Source: IBM 2016 Cyber Security Intelligence Index
How Real is the Threat?
Source: Biscom
85% of departing employees take company info they created
How Real is the Threat?
Source: Biscom
90% of employees who took data upon departure did so because the employer lacked policy or technology to prevent it
How Real is the Threat?
Source: Accenture
69% of businesses are hit with “attempted or realized” data theft by insiders
How Real is the Threat?
Source: Haystax Technology
74% of businesses feel “vulnerable to insider threats”
56% say threats are more frequent
How Real is the Threat?
Source: IBM/Ponemon Cost of Data Breach Study
$158 — average cost per stolen or lost record in a company database
Who’s Most at Risk?
Sources: Accenture; IBM; Biscom
Media and tech firms
Health care
Manufacturing
Financial services
What’s at Risk?
Source: Biscom
Source code
Patent filing
Business critical data
Customer data
Names
Phone Numbers
Email addresses
Bank account numbers
Why Does it Happen?
Source: PC World
Money
Major software co. employee sold valuable source code on Dark Web for $15k
Why Does it Happen?
Source: PC World
Money
Insiders selling info from financial, health care, and legal firms
• Bank account #s
• Patient info
• Upcoming merger/acquisition deals
Why Does it Happen?
Source: Biscom
Malice
20% of employees would be more likely to steal data if fired or laid off & give it to a competitor
High-Profile Examples
Source: The New York Times; TechCrunch
2017 Waymo/Uber
• Anthony Levandowski left Google’s Waymo self-driving car initiative
• Started his own company Otto
• Uber acquired Otto in 2016
• Waymo sued Uber in civil court, claiming Uber was using trade secrets stolen from Google
• Result: Uber fired Levandowski (May 2017); lawsuit going to trial; possible criminal investigation
High-Profile Examples
Source: Business Insider
2017 Facebook/Zenimax Media
• Former Zenimax employee became Oculus CTO
• Facebook acquired Oculus
• Zenimax claimed employee stole trade secrets
• Result: Facebook paid Zenimax $500 million
High-Profile Examples
Source: Ars Technica
2016 Zynga
• Zynga sued two former employees
• Claimed they stole confidential information
• Gave info to new employer, a competitor (Scopely)
• Files stolen allegedly included “hundreds of detailed design specifications”; “unreleased game design documents”; and “financial-related information”
• Employees tried to cover their tracks, deleted 24k folders and documents
• Result: TBD
High-Profile Examples
Source: The Wall Street Journal
2016 US Office of the Comptroller of the Currency
• Former employee removed more than 10k records
• Employee downloaded files to USB thumb drives before retiring
• Discovered during retrospective two-year agency review of employee downloads
• Result: OCC said it was a “major” breach but no evidence that data was misused
Mitigating the Threat of Data Theft by Departing Employees
Netwrix Corporation
Roy Lopez
System Engineer
Checklist: Offboarding
IT Security Department
• Notify systems administrators of account suspension and archiving
• Terminate all accounts (VPN, email, network logins, cloud services, specialized applications, company-owned social media site accounts, backup accounts)
• For departing privileged users, change all passwords to shared accounts, service accounts, network devices (routers, switches, etc.), test accounts, jump boxes, etc.
• Collect remote access tokens (two-factor authentication devices)
• Update access lists to sensitive areas (server rooms, data centers, backup media access, etc.)
• Remove employee from all the distribution lists and automated alerts
Physical Security Department
• Collect identification badge, keys, access cards, parking pass, etc.
• Provide security debriefing
Checklist: Offboarding
Records Department
• Ensure a departing employee returns all equipment, such as laptop, tablet, netbook, and smartphone
• Verify returned equipment against inventory
• Ensure a departing employee returns any company-owned or controlled documents
HR Department
• Obtain forwarding mailing address
• Complete offboarding paperwork
• Notify organization of separation
• Reaffirm any IP (intellectual property) and NDA (non-disclosure) agreement
Be Aware of What Can Happen
• Theft of sensitive data in order to blackmail the company or to sell it to a competitor
• Deletion of critical business data to wreak havoc in the company’s business processes
• Credential and password changes to gain control over critical assets
Seven Oddities to Keep an Eye On
Someone is actively accessing data
Someone has made too many failed attempts to access data
Someone is actively accessing stale data
Someone is accessing data outside business hours
Someone is trying to log in from different endpoints
Someone has created new user accounts
Someone is massively deleting data
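One way to check an audit trail for the seven oddities listed above, as an added example that is not part of the original presentation or of Netwrix Auditor. The event tuple layout, the thresholds, the label names and the sample events are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Thresholds and the event schema are assumptions for this example; tune them to your baseline.
READ_MAX, FAILED_MAX, DELETE_MAX, ENDPOINT_MAX = 20, 3, 3, 2   # per user, per review window
STALE_DAYS = 365                 # data untouched this long counts as stale
BUSINESS_HOURS = range(8, 18)    # 08:00-17:59 local time

# Constructed sample events:
# (timestamp, user, endpoint, action, target, success, days since target was last modified)
EVENTS = [
    ("2017-06-01 09:12", "alice", "WS-01", "read", "sales/q2.xlsx", True, 3),
    ("2017-06-01 22:50", "bob", "WS-07", "read", "archive/2012/specs.zip", True, 1800),
    ("2017-06-02 10:05", "dave", "DC-01", "create-account", "svc-temp", True, 0),
]
EVENTS += [(f"2017-06-01 23:{i:02d}", "bob", "WS-07", "read", f"eng/src{i}.c", True, 10) for i in range(25)]
EVENTS += [(f"2017-06-02 11:{i:02d}", "bob", "WS-07", "delete", f"eng/doc{i}", True, 20) for i in range(5)]
EVENTS += [(f"2017-06-02 14:{i:02d}", "carol", f"WS-1{i}", "read", "hr/payroll.xlsx", False, 5) for i in range(4)]


def find_oddities(events):
    """Return {user: sorted oddity labels} for one review window of audit events."""
    counts = defaultdict(Counter)          # user -> Counter of reads / failures / deletions
    endpoints, flags = defaultdict(set), defaultdict(set)
    for ts, user, endpoint, action, _target, ok, age_days in events:
        endpoints[user].add(endpoint)
        if not ok:
            counts[user]["failed"] += 1    # denied request: no data was touched
            continue
        counts[user][action] += 1
        if datetime.strptime(ts, "%Y-%m-%d %H:%M").hour not in BUSINESS_HOURS:
            flags[user].add("outside-business-hours")
        if action == "read" and age_days >= STALE_DAYS:
            flags[user].add("stale-data-access")
        if action == "create-account":
            flags[user].add("new-account-created")
    limits = (("read", READ_MAX, "high-read-volume"),
              ("failed", FAILED_MAX, "excessive-failed-access"),
              ("delete", DELETE_MAX, "mass-deletion"))
    for user, seen in endpoints.items():
        for key, limit, label in limits:
            if counts[user][key] > limit:
                flags[user].add(label)
        if len(seen) > ENDPOINT_MAX:
            flags[user].add("many-endpoints")
    return {user: sorted(found) for user, found in flags.items() if found}


if __name__ == "__main__":
    for user, found in sorted(find_oddities(EVENTS).items()):
        print(user, found)
```

Running the same check retrospectively over a departing employee's last weeks of activity is the kind of review that surfaced the OCC downloads described earlier.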
Demonstration
Netwrix Auditor
Netwrix Auditor Applications
Netwrix Auditor for Active Directory
Netwrix Auditor for Windows File Servers
Netwrix Auditor for Oracle Database
Netwrix Auditor for Azure AD
Netwrix Auditor for EMC
Netwrix Auditor for SQL Server
Netwrix Auditor for Exchange
Netwrix Auditor for NetApp
Netwrix Auditor for Windows Server
Netwrix Auditor for Office 365
Netwrix Auditor for SharePoint
Netwrix Auditor for VMware
About Netwrix Corporation
Year of foundation: 2006
Headquarters location: Irvine, California
Global customer base: over 8,000
Recognition: Among the fastest growing software companies in the US with 105 industry awards from Redmond Magazine, SC Magazine, WindowsIT Pro and others
Customer support: global 24/5 support with 97% customer satisfaction
Netwrix Customers
Financial
Healthcare & Pharmaceutical
Federal, State, Local, Government
Industrial/Technology/Other
Industry Awards and Recognition
All awards: www.netwrix.com/awards
Next Steps
Free Trial: set up in your own test environment:
• On-premises: netwrix.com/freetrial
• Virtual: netwrix.com/go/appliance
• Cloud: netwrix.com/go/cloud
Test Drive: run a virtual POC in a Netwrix-hosted test lab: netwrix.com/testdrive
Live Demo: product tour with Netwrix expert: netwrix.com/livedemo
Contact Sales to obtain more information: netwrix.com/contactsales
Webinars: join our upcoming webinars and watch the recorded sessions
• netwrix.com/webinars
• netwrix.com/webinars#featured
Thank You!