Focus On/ Security
Someone is stealing your fingertips 41
Big-game hunters for bugs 41
I lost my data at the trade fair 42
March 16 — March 22, 2015
Tracking the Enemy Within Companies are monitoring employees’ work habits and e-mail to neutralize insider threats
ILLUSTRATION BY 731
“People said, ‘Wow, if that happened in the NSA, it could happen to us’ ” the game is constant surveillance.” Whether you call Edward Snowden a Fortscale and competitors such as traitor or a whistle-blower, he earned Securonix, based in Los Angeles, sell one label about which there’s no software that pulls data from a comdebate: insider threat. pany’s computer systems and feeds it Guarding against such risks is an expanding niche in the security industry, through algorithms to create a profile of each employee. The software constructs with at least 20 companies marketing software tools for tracking and anaa base line showing what’s normal lyzing employee behavior. “The bad behavior for that user: where and when guys helped us,” says Idan Tendler, the he logs in, which programs he uses, founder and chief executive officer of which company databases he accesses Fortscale Security in San Francisco. “It started with Snowden, and people said, ‘Wow, if that happened in the NSA, it could happen to us.’ ” YOU’RE HIRED!! The problem predates the Internet: the salesman who takes the entire customer list with him when he quits, or the engineer who makes off with key product designs. But technology has only made it easier; now the salesman e-mails the data to his Gmail account, and the engineer can put product designs on a USB drive. In an embarrassing episode for Morgan Stanley, the bank dismissed an employee earlier this year for taking information about an estimated 350,000 clients of its wealth-management division. Companies are also realizing that tracking insiders may improve their odds of catching outside hackers. While investigations into the breaches at Sony and Anthem are ongoing, it’s likely that attackers hijacked employee passwords and logins, then used them to navigate the companies’ computer systems to find and steal data. These methods are the reason it takes a business more than 200 days, on average, to detect breaches, according to FireEye, a cybersecurity company. “Hackers become employees when they get inside,” says Avivah Litan, an analyst at research firm Gartner. “So the name of
regularly, and which external websites he browses. It also generates a risk score for users based on what danger they may pose to the organization. With “normal” established, it becomes much easier to spot suspicious activity—for example, a worker downloading thousands of documents from a database she has permission to use but never has before. “What we’re trying to do is get this situational awareness,” says Igor 39
