Tag Archive for: internal

T-Mobile data breach shows importance of securing internal tools

  1. T-Mobile data breach shows importance of securing internal tools  TechRepublic
  2. T-Mobile website data breach exposed customer addresses, PINs  WSOC Charlotte
  3. T-Mobile Website Allowed Hackers to Access Your Account Data With Just Your Phone Number  Motherboard

Apple’s Internal Memo Warning Employees Not To Leak To The Press Leaks To The Press

Whatever the actual numbers, it seems like some hefty percentage of technology news revolves around leaks of one kind or another. Whether it concerns government, corporate, or legal proceedings information leaking to the public, it happens enough that at this point the operating posture of any organization should probably be to expect leaks, rather than flailing at modernity and trying to stop them. Hell, if the White House can’t keep what seems like literally anything under wraps, what hope does the average business have?

Apple, of course, is not an average company. And, yet, when the company put out an internal memo warning its employees not to do the leaking, that memo almost immediately leaked to the press.

On Friday, Bloomberg News published what it described as an “internal blog” post in full. The memo warned that Apple “employees, contractors, or suppliers—do get caught, and they’re getting caught faster than ever.”

The post also reportedly noted that, “in some cases,” leakers “face jail time and massive fines for network intrusion and theft of trade secrets both classified as federal crimes,” adding that, in 2017, “Apple caught 29 leakers, and of those, 12 were arrested.”

Memos like this set off a delightfully oppressive mood within the organizations that send them. Part of the reason for that is that the practice of leaking is so widespread as to make the selective persecution of any leaker seem callous and unfair. Add to that the simple fact that well-timed strategic leaks are practically marketing SOP in many larger organizations and this seems doubly so. And, finally, I cannot be the only one struck by how low Apple’s catch-rate feels within the memo itself. 29 leakers caught in a year? That has to be some unimpressive fraction of the actual leakers that exist.

Anyone who might want to argue the points above needs to make that argument in the context of a reality in which this scare-memo itself leaked to the press. That this occurred only buttresses the argument that battling all leaks all the time is a losing battle. And if that’s the case, then the selective enforcement of anti-leaking policies will only come off as both confusing and capricious.

Not to mention a giant waste of time and money, compared with incentivizing employees to leak only when it’s beneficial to the company.

Techdirt.

SEC hack came as internal security team begged for funding

Last month, the Securities and Exchange Commission revealed a 2016 breach of a test system that allowed an unknown party to get access to unpublished corporate information in the SEC’s Electronic Data Gathering, Analysis, and Retrieval (EDGAR) system. The breach potentially allowed the bad actors to profit from trades based on the information. SEC Chairman Jay Clayton revealed the extent of that breach in a policy statement on the importance of the commission’s cyber-security mission. But just a few months before the SEC discovered the initial breach last year, as Reuters reports, members of the SEC’s own internal digital forensics and security team wrote a letter bemoaning the lack of support they received from the agency’s Office of Information Technology and SEC leadership.

In a memo sent to the SEC’s inspector general, the head of the SEC’s Digital Forensics and Investigations Unit complained that his team was woefully underfunded, undertrained, and forced to work with repurposed equipment and hard drives that had been designated by other branches of the SEC for disposal. The memo to SEC Inspector General Carl Hoecker, shared with Reuters by a congressional staffer, cited “serious deficiencies” in funding and support. The entire hardware budget for the unit was $100,000 for fiscal year 2017—half a million under the amount needed.

Normally, complaints to the inspector general of an agency get significant attention. However, in this case, the complaint was directed to Hoecker because he oversaw the unit. The Digital Forensics and Investigation Unit was created by Hoecker in 2015 not just for internal security investigations but so his office could play a role in the SEC’s law enforcement role—providing forensic support to SEC criminal investigations. In a 2016 report to Congress, Hoecker described the role of the unit within the SEC Office of Investigations:

Biz & IT – Ars Technica

CBP personnel will work with DHS IG internal affairs

Mark Rockwell

U.S. Customs and Border Protection and DHS will share investigative personnel as part of a coordinated effort to detect and deter corruption in the border agency.