A senior member of a small to medium Australian design and manufacturing company, who had been with the firm since its founding, decided to move on. The employee was a trusted individual and because of his seniority had access to confidential information, including defence related data around advanced projects.
Before he left the company, GuardWare INSIGHT alerted the IT team to the movement of sensitive data to USBs. The user was authorised to hand-carry company USBs into the manufacturing area, as the 3D printing/manufacturing area was air-gapped. Files were transferred manually by plugging in the USBs. These USB devices were always accounted for and signed-in and signed-out, to ensure data security.
However, this time around the employee used two different USBs to transfer data. One of them belonging to the company and the other one his personal device. INSIGHT records the Serial Number of the USBs used to transfer information. When the IT team challenged him, the user said he had already returned the USB, not knowing that they had detailed information on his use of two USBs.
Confronted with the evidence, the user surrendered his personal USB and further actions were taken.
Risks mitigated by GuardWare INSIGHT
- Loss or Theft of USB
Misplacing USBs is a common occurrence in any organisation. Their capacity for storing huge amounts of data makes their loss a potentially serious threat.
- Potential Theft of Information
High transfer rates over a short duration of may be potentially malicious in nature and should be reviewed. - Malicious Behaviour
Transfer of information during non-office hours, especially on weekends, may be potentially malicious in mature and should be reviewed.
- Loss of Information Due to Information Creep
Large movement of data into USBs clearly indicates a movement of data away from established, legitimate information stores.
