"According to a recent study cited by the U.S. House Small Business
Subcommittee on Health and Technology, nearly 20% of all cyber attacks
hit small businesses with 250 or fewer employees. Roughly 60% of small
businesses close within six months of a cyber attack." (Source: Forbes)
This is an amazing statistic. It's something we've been talking a lot about it our local Manchester, NH area. Having just opened in April, we've been doing our networking. For the last several years I've been working in and with large enterprise, global in scope corporations --both as an employee, and as a government Infosec worker --a director at the DoD Cyber Crime Center (DC3). This mostly home based from the Baltimore-DC area, but now, participating in the local ISC2 meetings and talking with the owners of local businesses instead of the CISOs of large companies, I've come to the realization that our government (at least DoD) really has no clue just how bad it is for small and medium sized companies. I recall a conversation with a CISO who told me that nearly 60% of their critical suppliers were companies with less than 25 employees!
So during my local polling at a local Chamber event, many of the companies had no idea what APT was, nor had they any idea that employees walking working from home, leaving the company, angry on the job (scheming to leave), building their own companies on the side, etc., can, and do take information from their current employer. And not only do they take information from their current employer, they often times use this information to compete. The Forbes article talks of an a company who continues to lose contracts to the same competitor, only to realize they'd left the employee's computer access turned on after he left.
Carnegie Mellon has a center that does Insider Threat studies. I did a bit of work with them a few years ago. They do case studies of insider threats --how do insiders break, steal, compete with their former employers either as they're heading out the door, disgruntled and terminated, or just plain through stupidity while still employed (I had an employee once who used our corporate web template to build his own website selling pianos!). In nearly every case, interactions between HR and the employees managers could have helped prevent many of these issues. In all of these cases, monitoring employee computer use, notifying the employee that their system would be monitored during personnel improvement plans, during the last two weeks of employment, and post employment could have saved these companies a lot of heart ache, and more importantly, a ton of money.
So where does Wapack Labs fit?
Most small businesses have no clue what a forensic lab can do for them.
Wapack can tell you, with high levels of certainty, if employees are, or have stolen from you. We'll make two copies of the hard drive, placing an exact duplicate back in the machine. We'll place the original in our safe (for use in court if needed), and examine the second exact copy. We'll look at everything from outbound emails, to copies of files moved to external media (i.e.: USB sticks).
If you've got a problem employee, don't wait. Call us today for a free consult. We'll help devise a strategy that will help protect you from losses of insider threats. And if you get hit with an attack from outside of your company, Wapack can help with that too.
Happy Memorial Day!
Saturday, May 25, 2013
Thursday, May 2, 2013
Your Company Is Walking Out the Door
Today just about every company in America has their vital
proprietary information on computers. Everything from email, client lists,
pricing models, to trade secrets is stored on company computers. In many cases
those computers leave the office daily, or sometimes never show up onsite if
the employee works from home. Even if your company utilizes the most rigid
security rules and not a single computer leaves the facility, emails are still
sent back and forth from smart phones. A lot of the time attachments can be
saved directly from emails to the smart phones and then transferred on from there
without the company’s IT department ever being aware.
This situation becomes even more precarious when you include
companies that allow people to bring their own device (BYOD). In these
situations company data often resides on the personal laptop or in a “cloud”
solution where the data are available from any device connected to the
internet. What happens when the employee leaves? Can you guarantee that nothing
was stolen, deleted maliciously, or taken to a competing shop? Without
conducting a proper digital forensic investigation by certified examiners you
may never know what was taken. Even if your internal IT department does their due
diligence in trying to determine a theft, without the proper forensic handling
of the evidence, it may not be admissible in court.
Attorney Sid Leach from the law firm Snell & Wilmer
wrote an excellent paper (“What Every Lawyer Needs to Know about Computer Forensic Evidence”) pertaining to the valuable information that digital
forensic investigations reveal. Whether it pertains to fraudulent activities,
non-compete contracts, harassment, or intellectual property theft, Mr. Leach
explains that “A forensic examination of a departing employee’s laptop or
computer workstation can provide a goldmine of information concerning what the
ex-employee was doing”.
In my own experiences I have seen companies both large and
small with employees leaving abruptly or on bad terms causing suspicions as to
their activities. It is always in the company’s best interest to at least have
a forensic examiner create a forensically sound bit-by-bit copy of the device
before it is used by another employee. In these situations, even if your
company doesn’t proceed with an immediate investigation, at least you have a
court admissible copy to work from if anything were to arise in the future.
Wapack Labs is a digital forensic firm based in Manchester, NH with certified
and experienced digital forensic examiners to handle any investigation or
discovery need. Contact us today to see how we can help you!
Subscribe to:
Posts (Atom)