Two very interesting studies were released last week, as well as one jaw-dropping anecdote. Let’s examine.
First, the good news. A recent study by the New York Stock Exchange, sponsored by Veracode, titled Cybersecurity in the Boardroom, asked corporate directors of public companies how they view, monitor and track cyber security as part of their job. Some 70% said security is a topic in each board meeting. Good! The study also found that “more than 40% of respondents said that CEOs should face the brunt of breach-related backlash.” Accountability starts at the top. Good!
Now the bad news: Kleiner Perkins’ Mary Meeker issued her annual State of the Internet report, which is a must-read for anyone in the business. This year, she had two slides on cyber security, and she noted that “>20% of breaches come directly from insiders with malicious intent.”
So much attention in the security business is focused on APTs, nation state activity, threat intelligence and the shadowy groups of attackers with quixotic names that keep everyone on their toes. Insider threats tend to fly under the radar. They simply aren’t as exciting to talk about. There is no black hat, no geo-political connection. Meh. As Meeker’s report shows, insiders should not be ignored. After all, they are, by definition, already on the network. So much talk, and investment for that matter, is on keeping the bad guys out. Not enough attention is paid to those already in.
Now the jaw-dropping anecdote that combines the good and bad discussed above: C-Suite leadership and accountability, and a focus on insiders. However, in this case, the insider isn’t malicious, just incredibly sloppy.
Bill Gross is a legendary figure in the world of finance. He founded Pacific Investment Management Company (PIMCO) in 1971 with $12 million in assets and grew it into the world’s largest and most influential bond firm with nearly $2 TRILLION in assets at its peak. Incredible American success story.
I wasn’t surprised, then, to read this headline over the weekend:
The keyboard will be on display as part of the Smithsonian’s “American Enterprise” exhibition and become part of the permanent collection, according to the museum’s chairman and curator, Peter Liebhold.
That’s pretty cool, I thought upon reading. Until the very next sentence, when I thought Holy Sh#t!
“My favorite thing is the password,” Liebhold said. “If you look at the keyboard, you can see that Bill Gross — who’s controlling maybe the biggest bond fund in the world [PIMCO] — on a piece of paper Scotch-taped to the top of his keyboard has written his ID and his password. So he’s just like everybody else.”
While Bill Gross certainly wasn’t a malicious insider, he was a very sloppy one. Everyone in the PIMCO office had access to his terminal, from co-workers to the cleaning crew!
Securing a network today is a daunting task and, as the Veracode study shows, it is finally getting the attention it deserves from Boards and the C-Suite. As Mary Meeker’s research showed, insiders are a persistent threat, but in the case of Bill Gross, not a very malicious or advanced one.
The post Now that’s gross! appeared first on Arbor Insights - Our People, Products and Perspective.