The issue of a trusted insider betraying a trust, either maliciously or for commercial gain, is a problem we often discussed at university, and we never really came up with an answer. You need trusted people for any business to operate – you should use the “principle of least privilege” to limit the spread of your secrets, but inevitably some people will eventually have access to your most sensitive data so they can do their job.
At this point you need policies, procedures and contracts to manage the insider situation, and an intention that if anyone exploits that trust, you will use legal process to deal with the situation.
Block (an online payments service) evidently did not take enough steps to protect its customers from the insider threat; now they have to prove it in court:
Block accused of subpar security protections in lawsuit • The Register
Please Note:
I am on leave so the news this week is “in brief”. You can still contact me via the contact page and Octagon Technology.