Swiss bank Credit Suisse accused its former vice president of emerging markets Agostina Pechi, hired by the U.S. investment bank Goldman Sachs of theft of trade secrets, reports Bloomberg.
Credit Suisse has filed a complaint in a Manhattan court sustaining that the information was stolen in an attempt to win customers for Goldman Sachs.
In February and March, Pechi secretly sent e-mails with customer lists and other confidential banking information from her work account to her personal account. She also printed important documents relating to transactions, late at night, when she was officially away on vacation, says the complaint filed by Credit Suisse on the 3rd of May 3.
Pechi earned 950,000 dollars last year and lives in New York. She resigned from Credit Suisse on the 2nd of April, informing she accepted a job at Goldman Sachs in New York.
“Pechi decided to steal confidential information from Credit Suisse and contact details she gathered during the time spent at Credit Suisse. She plans to use the data to compete with Credit Suisse and share them with her new employer, specifically targeting the Swiss bank’s clients, “said the complaint.
A spokesman for Goldman Sachs declined to comment, and Pechi could not be reached.
Funny thing is Goldman Sachs hasn’t been exempted from data thefts from ex-employees!
This also goes for companies when we’re talking about protecting their most valuable capital: DATA….CONFIDENTIAL DATA. At least at one point in their business activity they thought competition or other third parties are going to find out the secret of their success…the “secret Coca-Cola ingredient”!
Think about the fact that some IT admins used to Super Glue USB ports so that employees couldn’t plug in USB sticks to copy data and infect the computers with viruses. Crazy, huh? (Yet when I think about the data breaches that occured lately, it’s understandable). Even if they don’t use Super Glue anymore, they do it through software and there are still many companies that, out of too much caution, ask their IT people to simply block all transfers of files. This is both annoying and counterproductive for users, since the business environment nowadays requires high mobility for fast response times. This doesn’t mean they should just leave confidential data and exit points unprotected and unsupervised. Don’t get me wrong! Maybe I’m just pointing out the obvious, but they should allow legitimate file transfers and block dangerous file transfers, instead of blocking the activity of all users. In one word: FILTERING.
With Data Loss Prevention solutions you can set filters at the endpoint level: filters by File Type (Word, Excel, PDF, PowerPoint, exe, jpg, etc.), filters by Personal Data (emails, phone numbers, SSNs, credit card numbers, etc.) and even filters by Custom Content (for instance I can define a filter that will prevent all my users from sending files containing the word ‘dog’ inside). You can basically control every word that goes out of the company network, whether by email, social media, instant messaging, file sharing applications, Dropbox, iCloud, USB drive, external HDD, CD/DVD, zip drive, etc., all you can think of.
My point is you have to be on the safe side without taking it to the extremes: hope for the best (security conscious, well-intended, employees) but expect the worst (be prepared to face any security threat).
We will talk more in depth about filtering and Data Loss Prevention in a future post. To Be Continued…
Data Privacy Day is an initiative of the National Cyber Security Alliance started in 2008 in United States and Canada. Now it is celebrated also in Europe and its purpose is to raise awareness among Internet surfers, social media fans, online gamers, online shoppers…so pretty much all of those who use the Internet, about the importance of their personal information privacy.
We are big fans of data security, so we encourage you to do the following for at least one day OR starting from today:
1. Stop sharing so much personal information on your Facebook, Twitter, Google +, etc. account. Hackers can use that information and you might find out one day your online identity is robbed, your passwords don’t match anymore, or even worse, your bank account is empty. Not to mention the creepy stalkers outside your house, who, of course, found out where you live from Facebook…
2. Change your passwords and do not assume that using the same strong password on all your online accounts is enough. Use alphanumeric passwords, but not “pasword1234″.
3. Use a special card for online transactions. There are options like disposable cards, or weekly withdrawal limits you can set with your bank.
4. Encrypt your data on USB sticks or other portable storage devices. Losing such a small device where you surely have important data is very frustrating. At least no one will be able to access your data once they find your USB stick.
5. Don’t forget about your mobile devices: smartphones and tablets. They need protection as much as your laptop or desktop does. Don’t download suspicious apps and use AdBlock software to avoid annoying popup ads that could also carry malware.
This is it from us, but the guys from National Cyber Security Alliance have more advices and you can find them on:
New victims, same old story…. An unprotected USB stick containing private information of Canadian residents went missing from an office of Human Resources and Skills Development in Gatineau, Quebec.
The drive was storing the names, social insurance numbers, dates of birth and loan balances of 583000 students who had borrowed money between 2000 and 2006.
The internal investigation on the affair started only two months after the discovery of the loss of the stick (Nov. 5th) and a notification was sent to the victims only last Friday.
So the question remains: Are we ever going to learn from others’ mistakes? Especially now that Device Control, Data Loss Prevention and USB encryption software has been around for ages and it’s virtually in everybody’s reach.
Jeffrey Paul Delisle, ex sub-lieutenant of the Navy Intelligence admitted that the spying charges against him were true. According to prosecutor Lyne Decarie, he willingly entered the Russian Embassy in 2007 to offer to sell confidential military information. Apparently, he was getting around $3000 per month for his services, but he declares he wasn’t doing it for the money, but for’ ideological reasons’.
He was asked to copy references about the Russians from his work PC to an USB stick, then he took the stick home and uploaded the data to an email application to share it with the people paying him.
You can find more info on this high-level spying affair here:
This Sunday an incident of the most common happened at the Lyon train station in Paris: a thief disappeared an USB stick from a car. Nothing special here, this kind of things happen everyday!
What makes this incident so special is the info stored on the memory stick. The owner of the key is an entrepreneur involved in an installation of fiber optic at some important buildings in Paris. His USB stick contained the highly confidential plans of the Elysée palace, the Internal Affairs Ministry and the Paris Police. The worst is that the stick was not encrypted, so the thief has full access to all the documents!
The questions we need to ask now is: did the thief know beforehand what type of info was on the stick or did he steal that precise stick just by accident?
Stuxnet, the worm created by the US and Israel for breaking down Iran’s nuclear plant Natanz got out of their control
An article published today in the New York Times shows that the Stuxnet virus-written and deployed by the US and Israeli government-targeting the Iranian nuclear plant Natanz got out in the wild. It seems that the purpose of the code was to set back the Iranian nuclear research program by commanding the control hardware responsible for the spin rate of the centrifuge equipment. The important aspect of this is the fact that the worm only targeted this specific nuclear plant, it was never intended to spread on the Internet.
The network at Natanz is air-gapped, which made it very difficult for the people who made the plan to introduce the code into the network. They needed someone with physical access to the site to get the worm inside through thumb drives (this is also the manner how the first versions of the worm were distributed). To quote one of the architects of the plan: ‘It turns out there is always an idiot around who doesn’t think much about the thumb drive in their hand.’
The way Stuxnet spread outside Natanz’s network is most probably on a laptop. Fortunately, security researchers were able to annihilate it.
Endpoint Protector just announced the launch of the Content Aware Protection module as a Customer Preview. The new 4.1 version incorporates top of the line technology that enables you to eliminate risks of confidential data loss or data leakage to the Internet or the Cloud (services such as Google Drive, Dropbox, iCloud, etc.)
To read more on the new Endpoint Protector feature, visit: http://www.cososys.com/press_releases/Press_Release_Endpoint_Protector_adds_Content_Aware_Protection_to_prevent_data_leaks_to_the_cloud_15-May-2012_EN.html
The launch of the new Endpoint Protector 4 client for Linux did not pass unnoticed.
The Var Guy wrote a blog post presenting the new release and emphasizing the importance of Data Loss Prevention and Device Control solutions for mixed environments (Win, Linux, MAC).
You can read the whole article here: http://www.thevarguy.com/2012/04/10/endpoint-protector-4-adds-linux-support/
What is Data Loss Prevention? Is it related to technology, processes or people? Is it limited to some administrative policies and IT restrictions? These are the questions discussed in a well-documented recent article on darkreading.com.
DLP is not just an information security concern, it is not just a technical issue. DLP involves the entire organization, establishing what data is sensitive, where the sensitive data is kept, how is it accessed and used, and only after understanding these key points will they be able to define and implement a strategy for protecting and securing such data, at a level of both administrative processes and IT limitations.
In short, DLP is a business issue and it concerns technology as well as processes and people.
With the rising number of attacks and unintentional data leakage, protecting sensitive information became an essential task for any organization, regardless of its size. This is why the implementation of security controls for preventing data loss is actually the foundation for a secure business performance.
You can read more on this hot topic on darkreading.com