Insider threats and data localization
News and notes from around the federal IT community.
Insiders are an expensive cyber threat for businesses
According to recent research by the FBI and the Department of Homeland Security, disgruntled or former employees pose a "significant cyber threat" to U.S. businesses because of their unique abilities to get unauthorized access to sensitive information on corporate networks.
A statement posted on the FBI's Internet Crime Complaint Center on Sept. 23 said a review of recent cyber investigations showed that businesses incur significant costs ranging from $5,000 to $3 million because of cyber incidents involving disgruntled or former employees. IC3 is a partnership between the FBI and the National White Collar Crime Center.
Businesses included various factors in their cost estimates, including the value of stolen data, IT services, the establishment of network countermeasures, legal fees, loss of revenue and customers, and the purchase of credit-monitoring services for employees and customers affected by a data breach.
Data localization poses security risks, Google's Salgado says
Google's director of information security and law enforcement outlined the negative aspects of data localization proposals by foreign countries, Roll Call's "Technocrat" blog reported.
"After we saw some revelations about some of the [National Security Agency] programs, we saw other jurisdictions concerned about what they perceived as expansive surveillance authority by the U.S. government kind of hunker down…[and] try to figure out how can we protect ourselves and our users from NSA [and] from U.S. government surveillance," Google's Richard Salgado said during a panel discussion at the Brookings Institution on Sept. 25.
Data localization -- or requiring companies to have data centers in their home jurisdictions -- would impose "artificial rules" on how networks are designed and would result in "tremendous inefficiencies," Salgado said.
NEXT STORY: 5 key IT bills still pending in Congress