As much as we talk about securing your systems, having someone in-house go rogue like this is a MUCH higher risk to your data than having someone break in. Internal unrest (or stupidity) will probably bite you harder than crackers will.
While this definitely used to be the case (we used to find ~80% of incidents were internal employee issues), for the past four or five years we've seen that ratio change (not so much because the internal issues went down, but more because of the rise of external activity).
The reality is that organizations have to be able to deal with both internal and external threats, and a lot of the effort on that front has been around reclassifying access to no longer consider insiders as trusted (which an argument could be made that they never should have been trusted to begin with).
Good numbers industry-wide are difficult to come by (but getting better), but according to the latest DBIR‡ (which, full disclosure, is put out by my former employer) breaks it down as 98% external, and 4% internal (why that adds up to greater than 100% is a mystery to me).
This is an older story [1]... but the CIA / MI6 angle is new to me.
It's an embarrassment, the Swiss intelligence services had already butchered their relationships with foreign services with the "Egyptian Fax" leak back in 2005/2006. Somehow Swiss journalists got hold of an intercepted fax communication between Egyptian's foreign ministry and Egypt's London embassy that proved / alleged the existence of secret CIA prisons on foreign soil. [2]
This story is a few months old now. Back then, it was everywhere in the medias here in Switzerland. The huge issue if you ask me, is that the guy was able to exfiltrate hard drives for weeks, without beeing questioned.
Quote:
He'd worked at the NDB for eight years but was reportedly disgruntled at his job and felt management were ignoring his suggestions on systems management.
