Cybersecurity

9459 readers

29 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !securitynews@infosec.pub !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 2 years ago

MODERATORS

kid@sh.itjust.works

Lanky_Pomegranate530@midwest.social

thoughts on this insider threat case? (lemmus.org)

submitted 1 week ago by Birdwants@lemmus.org to c/cybersecurity@sh.itjust.works

17 comments fedilink hide all child comments

quick case study for the cybersec folks here. got this real story in my dpo class & wanted ur thoughts.

IT guy at a bank, last day of his notice period. a trainee saw him puttin some CD-ROMs in his bag & told security. they checked him at the exit and found a full export of the bank's top clients on the discs. guy got fired for gross misconduct & a police complaint was filed.

any red flags or stuff that stands out to u technicaly or otherwise ? i have my own ideas on this cas but curious what u guys think first?

thx 😎

you are viewing a single comment's thread
view the rest of the comments

[–] cron@feddit.org 13 points 1 week ago (4 children)

Why is the IT guy trusted with access to sensitive data after handing in his notice?
Why does he have access to data that is probably not related to his job?
Is access to the database monitored? It should trigger an alert if an employee accesses lots of data.
Apparently, he successfully bypassed the DLP (Data Loss Protection) systems in place by using optical media.

And lastly, insider threats like this are really not easy to mitigate. You said that in this example it was an IT guy. There are lots of different ways to export data from a system when you have privileged access to servers.

[–] RobotToaster@mander.xyz 9 points 1 week ago (2 children)

There was a recent case in South Korea where it was bypassed by just writing it down with pen and paper manually.

[–] Sunsofold@lemmings.world 4 points 1 week ago (1 children)

That was one of the little things I remember from one of the various Warthunder leaks. The guy was sharing military secrets by copying the info by hand but only got caught after he started copying the documents in other ways because he felt like people weren't giving him enough respect for his handmade copies.

[–] Quexotic@sh.itjust.works 1 points 5 days ago

Hell, even a small camera would work great. It'd be faster too.

load more comments (1 replies)