Ever since The New York Times, on Tuesday, June 16th, reported that the St. Louis Cardinals were being investigated by the FBI and Justice Department for allegedly hacking into a database owned by the Houston Astros, speculation about what actually happened and how it happened has run rampant. But at the very least, all the possibilities being floated should perk up the ears of anyone responsible for the protection of corporate digital assets, no matter what industry they’re in.
Joe Caruso, founder and CEO/CTO of Global Digital Forensics (GDF), a premier national provider of cyber security solutions and digital forensics services headquartered in New York City, has been involved in many cases dealing with stolen intellectual property (IP), from both the perspective of a cyber security expert and a digital forensics expert, and has seen firsthand what kind of devastation a business can suffer when IP is stolen through a hacking event.
“We’ve been on both sides of the fence for over two decades,” says Caruso, “from cyber emergency incident response and everything else cyber security related, to assisting attorneys with all their eDiscovery needs for litigation. IP cases have always been near the top of the list on both fronts. What actually happened between the Cardinals and the Astros in this case is simply a big unknown at this point from an outsider’s perspective and it’s going to take a while to unravel the truth, but with every new news article and new allegation, it’s like shining a spotlight on all the possibilities corporate IT security personnel have to be aware of and be prepared for. Initial reports suggested that reused passwords may have been the culprit which allowed Cardinals personnel to access the Astros’ proprietary database. But just as quickly, follow up reporting by Sports illustrated (like this exclusive on June 18th) has Astros GM Jeff Luhnow, who is at the center of the storm, vehemently denying that was the case. What actually happened and who is responsible is going to take a lot of digital forensics work, but from a security view, password policy and enforcement shortcomings really can cause major issues for businesses. That’s why we include it as one small but vital component in our professional vulnerability assessments, to help businesses identify any deficiency in policy and/or enforcement so the right changes can be made for added protection going forward.”
Insider threats are very real
The specter of an insider taking proprietary information was also raised in the Sports Illustrated exclusive, saying “that Cardinals officials were concerned that Mr. Luhnow had taken their idea and proprietary baseball information to the Astros.”
“Again, not making any kind of claim whatsoever that it happened in this case, it is a fact that insiders taking proprietary information with them when they leave for a competing organization is actually quite prominent and problematic in many cases,” says Caruso, “and to that end we developed an electronic exit interview process businesses can use to find out what an employee on the way out may be trying to take with them, as well as having a great deterrence effect.”
What Does an Electronic Exit Interview Entail?
“The first thing we do is make a forensic image of the employee’s hard drive, and if necessary, we can also do the same thing with mobile devices,” says Caruso. “Then one of our certified forensic technicians will extract all the electronic correspondence, like email, online chats and social networking etc., as well as documents and other information deemed pertinent according to the concerns of the client. Then we will generate a full forensics report detailing the drive contents, the results of our searches, and a full description of our forensically sound process with all the relevant technical data. And since we are intimately familiar with the world of electronic discovery and the nuances of digital evidence and computer forensics, our clients can rest easy knowing that our findings will stand up to even the highest levels of scrutiny from the opposition or the court if litigation becomes a reality.”
“Once we have a better understanding of the client’s unique situation, we can also set up package deals for multiple exit interviews, so that whenever an employee departs, for whatever reason, we’ll have the process in place to repeat it as often as necessary. It’s definitely a low risk and high reward situation if you consider what can happen when internal cyber assets are misused. And it should come as no surprise to anyone that when an employee is terminated, desperation and revenge can easily become driving forces which lead people to do unthinkable things. The key is protecting the business right out of the gate. Even on just a psychological level, if an employee is made aware of the electronic exit interview process, chances are they will think long and hard before trying any funny business with corporate cyber assets, but if they don’t, our electronic exit interviews will stack the deck for our client with the cards they’ll need should any future actions become necessary. Timing is everything when it comes to performing an electronic exit interview for a departing employee, so don’t wait until your sensitive company data is already out the door,” says Caruso, ”because by then, it may already be too late.”
*Global Digital Forensics is a recognized industry leader in the fields of computer forensics, cyber security and emergency incident response, with years of experience assisting clients in the government, banking, healthcare, education and corporate arenas. For a free consultation with a Global Digital Forensics specialist, call 1-800-868-8189 about tailoring a cost-effective plan which will meet your unique needs, without wasting resources on solutions you simply don’t need. Emergency responders are also standing by 24/7 to handle intrusion and data breach emergencies whenever and wherever they arise. Time is critical if a cyber incident has occurred, so don’t hesitate to get help. For more information, visit www.evestigate.com.