Insider mistake can cause costly breaches

 

Lessons learned from two very different media and entertainment breaches

Sadly, there is no shortage of references for data breaches in the world today. Breaches and leaks are now headline news and their effect on an organization of any size can be devastating. The accidentally leaked Doctor Who scripts from the BBC and the Sony Pictures hack which exposed personally identifiable information (PII) and corporate intellectual property are two of the high-profile incidents that have impacted the media and entertainment industry in recent times. These two entertainment industry breaches illustrate the two main categories of threats that organizations face – those originating from external parties (Sony) and those from inside threats (BBC).

Let’s take a closer look to better understand the threat vectors in these two breach examples.

Outside Threats

What happened: Sony Pictures Entertainment became the unwitting victim of a cyberattack by the ‘Guardians of Peace’ (GOP), exposing sensitive information about future films, and the personal, medical and salary information of 47,000 employees.

How it happened: Hackers broke Sony Pictures entertainment computer systems, stole confidential information and installed malware locking employees out of their systems. The GOP then tried to blackmail Sony to prevent them from releasing the information. When Sony refused to comply, the stolen data was released online. Sony had to pull some of the films it had planned to release as result of the incident. It’s estimated to have cost Sony approximately $35 million in investigation and remediation costs.

Inside Threats

The leaked Doctor Who script by comparison, was a direct result of a mistake during internal collaboration shedding the spotlight on the very real insider threat.

What happened: In 2014, five scripts from the BBC’s Doctor Who series and unfinished scenes from six episodes were placed online in a publicly accessible area and discovered and shared by fan sites. Then in 2018 a 53 second clip featuring the new lead in the Doctor Who role was leaked online and shared by a third party.

How it happened: According a report in the Independent the 2014 breach is believed to have occurred when the scripts, along with other materials, were sent to BBC Worldwide’s Latin America office in Miami for translation. It’s unclear how, but the scripts were then published online to a publicly accessible area and discovered by third parties. The BBC released a statement saying that it took disciplinary action in the first incident and legal action in the second, but they highlight the importance of securing internal collaboration and the biggest risk – simple human error.

How serious is the inside threat?

If you think this incident was a fluke, inside threats are not really a problem for your organization, or your biggest breach risk comes from outside your company, you may want to rethink your position. According to McKinsey, “Insider threat via a company’s own employees (and contractors and vendors) is one of the largest unsolved issues in cybersecurity.” Their survey revealed that an insider element is present in 50% of reported breaches stemming from two types of employees: malicious actors and negligent insiders.

Malicious insiders are usually motivated by self-interest. In most cases they don’t start out intending to do harm, but temptation gets the better of them. The most common examples of malicious inside activity include stealing data to commit fraud or identity theft, stealing company info before moving onto another job, and corporate espionage including IP theft, stolen movies, clips and scripts, etc. There are also those employees who know what they are doing is wrong but believe that they are exposing confidential information for the greater good – think Snowden Wiki Leaks.

Negligent insiders on the other hand unintentionally cause a breach, usually by the mishandling of information. For example, accidentally sharing a confidential file with the wrong party or improperly sharing the information, like in the BBC breach. The human error factor is hard to avoid even with proper training. We’ve all had an ‘Oops’ moment at some point.

In addition to these common culprits there’s also a third type of employee putting your data at risk: the one who uses shadow IT. They’re not malicious or negligent so to speak, but they will use unsanctioned IT tools to share data with internal employees and third parties, even if there’s rules in place against it. Gartner estimates that by 2020 one third of successful enterprise cyberattacks will be on shadow IT resources, proving that what you don’t know really can hurt you.

Don’t panic. Luckily technology can help protect against innocent mistakes, rogue clouds and malicious intent.

What can be done to protect your data?

Historically IT security has focused on protecting from threats outside the firewall. Perimeter defenses, anti-malware and intrusion detection systems are just some of the tools that organizations deploy to protect their networks. However, when it comes to the nature of information collaboration and its associated security a different approach is needed in order to appropriately protect data within the modern workplace.

Traditional information security approaches for collaboration tools have relied upon authentication and permissions to secure access in order to protect to the data. Today data is almost constantly in motion, often travelling outside firewalls or organizational boundaries, therefore location-based controls are no longer enough. Protection must also extend to other elements of modern collaboration such as the social exchanges as sensitive content no longer just takes the form of documents and files.

Data security within modern collaboration needs to learn the lessons that the collaboration tools themselves learned. An effective security model must take a balanced user and content centric approach to protecting sensitive data. The collaboration tools themselves cannot take center stage with the security mechanisms but instead must work in tandem with technologies that maintain security long after the data has left the confines of the collaboration repository. To do this successfully organizations need to take a 5-step approach to build their security for modern collaboration.

1. Start with the Data Locations

The first step is to identify where all the data currently exists within the various data repositories. Identification of where the data currently is needs to involve an investigation into the various tools that are in use within the organization. With 70% of organizations still suffering from data in rogue clouds it is critical to correctly identify where this is happening. An assumption that an enterprises data resides solely in IT provided collaboration environments is likely to be mistaken.

2. Classify Data

Once the locations of all the data have been identified there should be an attempt to classify the data. It should be noted that it will be almost impossible to accurately classify every piece of data within an organization and this should not be the goal. A successful strategy will classify data on a continuous basis to account for how information and its associated attributes changes over time therefore accurate classification of data will increase over time.

3. Audit User Interactions with Data

Users are obviously going to be central to the success of any solution therefore it is important to analyze how users are currently creating and interacting with the data. Is there a group of users or department that handles a high volume of sensitive data? Who has access to key intellectual property assets or who has been accessing this type of content? Where is there a need to share and collaborate externally? Which users tend to work remotely?

4. Identify Governance Requirements

The most obvious requirements are to identify any data protection regulations that must be followed. The EU GDPR has far reaching implications including for organizations not based within the EU’s borders. Even enterprises without any physical location within Europe should not assume that the regulations do not apply to them. Secondly, the data security needs specific to your organization should be considered. What intellectual property assets within the organization must be protected and what other information if leaked would be catastrophic? Within the organization itself what are the departmental boundaries that must be respected?

Segregating access and use of HR content or securing financially sensitive data for securities regulatory compliance is commonplace but many in the media and entertainment industry are currently involved with mergers and acquisitions that have their own set of data protection and usage requirements.

5. Enlist the Right Technology

Just as the collaboration tools have evolved, so have the available technologies for protecting sensitive data within modern collaboration environments. New capabilities have emerged, and some existing technologies have undergone change to the point where they are enjoying a rebirth within the data security market. CASB, Data Classification tools and DLP solutions form key components of data security and protection within modern collaboration as indicated in earlier sections. Two key technologies that warrant additional attention are AI and Rights Management.

While these examples focus on the entertainment industry, the threats highlighted continue to impact organizations in every industry, both large and small. Read our latest white paper 5 Data Security Challenges to Modern Collaboration to learn how to balance security with collaboration to protect against breaches.