Imperva cautions on lessons to be learned from Wikileaks disclosures
SYDNEY, November 30. Data security leader Imperva has cautioned that there are lessons to be learned by all business and government IT users from the latest Wikileaks disclosures.
Imperva cites a report in the Guardian: http://www.guardian.co.uk/world/2010/nov/28/how-us-embassy-cables-leaked in which Bradley Manning, a 22 year-old intelligence analyst, is quoted on how he supposedly stole the sensitive files.
“I would come in with music on a CD-RW labelled with something like 'Lady Gaga' … erase the music … then write a compressed split file. No one suspected a thing ... [I] listened and lip-synched to Lady Gaga's Telephone while ex-filtrating possibly the largest data spillage in American history." He said that he "had unprecedented access to classified networks 14 hours a day 7 days a week for eight-plus months.”
Imperva says the lessons to be learned are:
- File security is a key issue.
- Along with hackers, IT history shows that the rogue employee is also a threat. The banking community is starting to take action to protect its assets, but organisations have a long way to go before they can truly tackle the very real risks that insider threats pose to their reputation and integrity. Organisations need to wake up to the complexities of internal threats, rather than simply relying on conventional IT security systems.
- Any user retrieving large numbers of documents a day should raise an alert on a good business IT security system.
Imperva’s CTO Amichai Shulman adds: “I think that with the size of the leak it is going to be relatively simple to track down the source. There are some logs somewhere and this kind of access must have left evidence in some of them. Analysing the documents in the collection may also lead to the workstation or person who had access privileges to this variety of documents. Basically I think that this is an easy one that should have been detected a priory. Harder to investigate are incidents where a small number of very sensitive documents are leaking.”
Imperva is the global leader in data security. With more than 1,200 direct customers and 25,000 cloud customers, Imperva’s customers include leading enterprises, government organisations, and managed service providers who rely on Imperva to prevent sensitive data theft from hackers and insiders. The award-winning Imperva SecureSphere is the only solution that delivers full activity monitoring for databases, applications and file systems. For more information, visit www.imperva.com, follow us on Twitter or visit our blog.
Phone: +65.6749 4482
Mobile: +65.9666 1886
PR Deadlines Pty Ltd, for Imperva
Phone: +61.2.4341 5021
Mobile: +61 (0) 408 408 210