System Alert: Intrusion detected
With shrinking budgets and time constraints within IT departments, it is becoming dangerously apparent that mistakes and/or events are not being fully investigated. There have been numerous cases where, had teams been given more time or the opportunity to secure environments as they should be, the loss of data might have been mitigated. Here is an example in which friendly relationships, along with security systems producing many false positives, allowed data to be extracted from a company.
At 5:27pm on Friday 18th November, the IT Director receives a notification from his security system alerting him to a breach on the network. He immediately recalls his IT team, who were heading out for their usual end-of-week drinks, to assist in investigating the problem. The alert indicates that a computer on the third floor of their building is showing an unusual amount of traffic, suggesting information is being copied to an external USB device. The IT Director rushes to the location and finds an individual sitting at a computer, listening to headphones. On approaching, he notices on the computer screen software converting YouTube videos into movie files, and a window showing files being copied from folder to folder. As the IT Director knows the individual, he tells him not to use the company's computer for personal use. The employee says “Sorry mate, I will stop after this file finishes”. The IT Director phones the other members of the IT team to stand down, and on his return they all leave for drinks.