With great power comes great responsibility
Never before has the world's population been more connected. With access to information bordering on the absurd, suddenly anyone with an Internet connection can wield a perverse, god-like savviness. So while you'd think the level of common sense would be increasing exponentially, the reality is that we live in a day and age where some people are still falling for scams like those perpetrated by a con artist posing as the Nigerian Ambassador to the U.S. with twenty-five million dollars to share. Started back in the 80s, the now infamous "419" scam — named after the law banning it — to this day makes money by promising its victims great wealth. (See some undercover reporting here.)
I bring this up as just one example but, depending on your role on the Internet, the very same victims who fall prey to Internet scams may have access to your computer systems. The rich Nigerian with no friends is only one example of a personal con. Imagine the same con playing out at the corporate level, where the goal is not money, but intellectual property, client databases, inside information sold to the competition by a disgruntled employee. These scenarios aren't just the basis for cheesy movie plots, but routine occurrences that cost organizations billions of dollars.
And so, it is our duty as IT specialists to mitigate these cyber disasters, if not avoid them altogether. I like to call it "Business Intelligence on the Wire," but it is more commonly known as DLP, or "Data Leak Prevention/Protection." Often positioned as a compliance requirement enabling organizations to be "regulation X-compliant," DLP is rarely discussed in the context where it's most direly needed: monitoring an organization's inbound and outbound traffic based not only on the law but also on patterns, such as the roles and responsibilities of people in the organization. We should be asking questions like, "Why is our accountant sending out source code?" or "Why is the receptionist sending our client information at 3AM?" Unfortunately, most organizations don't ask these questions and, more importantly, can't identify if and when this kind of communication is happening.
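The two questions above can be turned into a concrete check: compare each outbound transfer against what the sender's role normally sends and when. The script below is an added illustration, not M+Guardian code or any product's logic; the role policy, the log format and the log lines are all constructed for the example, and the category of each transfer is assumed to have been supplied by an upstream content classifier.

```python
"""Role-aware review of outbound transfers (added example, constructed data)."""
from datetime import datetime
from typing import Dict, List, Tuple

# Constructed policy (assumption): for each role, the data categories it routinely
# sends and its normal working hours as [start, end) on a 24h clock.
ROLE_POLICY: Dict[str, Tuple[set, Tuple[int, int]]] = {
    "accountant":   ({"financial"},   (7, 19)),
    "developer":    ({"source_code"}, (7, 22)),
    "receptionist": ({"general"},     (8, 18)),
}

# Constructed outbound log, one transfer per line:
# <ISO timestamp> <user> <role> <data category> <destination>
SAMPLE_LOG = """\
2024-03-04T10:15:00 alice accountant financial bank.example
2024-03-04T11:02:00 alice accountant source_code paste.example
2024-03-04T09:30:00 bob developer source_code git.example
2024-03-05T03:00:00 carol receptionist client_data mail.example
2024-03-05T12:00:00 carol receptionist general mail.example
"""

def parse_log(text: str) -> List[dict]:
    """Split the constructed log format into event dictionaries."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, role, category, dest = line.split()
        events.append({"when": datetime.fromisoformat(ts), "user": user,
                       "role": role, "category": category, "dest": dest})
    return events

def review(events: List[dict]) -> List[Tuple[dict, List[str]]]:
    """Return (event, reasons) for every transfer that does not fit its sender's role."""
    flagged = []
    for ev in events:
        reasons = []
        policy = ROLE_POLICY.get(ev["role"])
        if policy is None:
            reasons.append(f"unknown role {ev['role']!r}")
        else:
            allowed, (start, end) = policy
            if ev["category"] not in allowed:
                reasons.append(f"{ev['role']} does not normally send {ev['category']}")
            if not start <= ev["when"].hour < end:
                reasons.append(f"sent at {ev['when'].hour:02d}:00, outside {start:02d}-{end:02d}")
        if reasons:
            flagged.append((ev, reasons))
    return flagged

if __name__ == "__main__":
    for ev, why in review(parse_log(SAMPLE_LOG)):
        print(f"{ev['when']} {ev['user']} -> {ev['dest']}: " + "; ".join(why))
```

Run as-is, it reports the accountant's source-code transfer and the receptionist's 3AM client-data transfer while leaving the routine transfers alone.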
Fortunately, the technology exists for organizations to wield that same god-like savviness over their own IT infrastructures, and there is no better time to implement it and proactively head off the potential scams lurking inside our own networks.
– Maximilian Morgan
Max is the Product Manager for M+Guardian.