Information security or internal investigations teams at the affected financial organizations may or may not have the analytics capability in-house to determine whether one of their employees working on a company machine copied a significant stash of their very private account holders’ personally identifying information (PII).
Ideally, having the capability to capture the data from that smoking thumb drive in a way that preserves the evidence would be an important first step. Then, investigators could forensically investigate the metadata, the header, and other hidden artifacts to pinpoint the culprit, and send them to jail.
Today’s news reminds us that internal threats can be equally damaging to an organization’s reputation as cyber attacks. Endpoint forensic and analytic capabilities should be at the top of every CISO’s must-have list.