A recent article at Forbes online commented on the possible relation between the raise in cybercrime and the current economic crisis. Although hard to unquestionably prove the statement, it pointed out some data provided by McAfee, according to which there has been a raise in the number of malicious software plaguing the Internet in recent months. Even harder data (still by McAfee) show that this raise in attacks began in March 2008, when it went from the 30,000 or 40,000 detected in earlier months, up to 170,000. And this was even before the credit crisis hit the technology sector.
The article points that the reason for this could be the amount of savvy employees that suddenly find themselves without jobs, and are pushed to “the other side” and commit fraudulent acts that they otherwise wouldn’t do. In that respect, the real threat comes when disgruntled employees that leave companies, take customer records with them to sell them on the black market.
So how to deal with this? Many organizations are focusing on improving their security systems; but at Kinamik we believe that this is clearly not enough. For us, one of the best ways of dealing with insider threat is by having a system like the Kinamik Secure Audit Vault, which could collect and centralize auditing data, making it tamper-evident. This way organizations can hold users, even the most privileged ones, accountable for their actions beyond any shadow of doubt. This kind of system acts clearly as a deterrent for illegal actions, pretty much like a CCTV, and a sign like “We always prosecute thieves” would do in a real-life shop. Wrong-doers (i.e. any disgruntled ex-employee) would think twice before committing an illegal action if he/she would be certain that his or her tracks cannot be covered and erased (and if they try to do so, it would show even more).
Accountability beyond any doubt is the key here. Security without proper accountability is just not enough.