The relative ease with which malicious insiders have managed to steal vast amounts of sensitive information from the U.S. intelligence community indicates that more attention to data-loss prevention is needed. In the years since a lowly Army private named Bradley Manning sent hundreds of thousands of secret files to WikiLeaks, some important lessons have been learned — or should have been — about how to minimize the danger posed by traitors from within. First of all, it isn’t enough to have smart data-handling policies — they need to be enforced. Second, too much sharing can be a bad thing. Third, mechanisms are required to track the behavior of insiders. Fourth, all potential avenues of data exfiltration must be monitored. And fifth, throwing big money at the insider threat is no substitute for using the defenses you’ve already bought effectively — or tapping the creativity of the commercial world. I have written a commentary for Forbes here.
Find Archived Articles: