Data leak raises questions on CIA’s security structure

Data leak raises questions on CIA’s security structure

Both the American CIA and FBI agencies are hot on trail of a suspected CIA agent who passed on some top-secret and eye-opening secrets to WikiLeaks, who in turn published the details for all to see.

The data leak in question pertain to the CIA's ability to hack into smartphones, smart televisions and computer systems using advanced tools.

While it is no secret that the CIA can and does hack into systems for the larger purpose of national security, the leaked documents, which were so far stored in highly secure vaults in the CIA, will let people know more about the tools being employed by the agency to perform such hacks. Both the CIA and the FBI are trying to nab the employee who managed to pass on the documents to WikiLeaks, but without success so far.

Firms to cut data leakage by a third by reviewing privileged activity

While many may wish to term the situation as an act of a whistle-blower or someone who wanted the society to know the raw truth via a data leak, what it also signifies is that a firm as protective of data as the CIA was unable to present the leakage. What does this say about large multi-nationals who store personal information of millions of people from across the globe?

“Whether individuals view this as the righteous act of a whistle-blower and a victory for free speech, an act of blatant treason, or something in-between, at its heart it is a failure of access controls and monitoring. The fact that an organisation built around a culture of confidentiality, with a high degree of security knowledge and employee screening, and which has suffered breaches in the past, can still fall victim to insider attacks is a reminder to organisations of any size, in any sector," says Piers Wilson, Head of Product Management at Huntsman Security.

Terror investigation information leaked online in Europol data breach

While it is not clear how long it will take for CIA to catch the culprit and avenge the data leak, the agency has chosen to target WikiLeaks instead, terming it a 'non-state hostile intelligence service often abetted by state actors like Russia.' While the accusation was totally expected, the CIA may also need to look within, review its security procedures and create a structure whereby employees cannot do anything with the information at hand that they aren't supposed to.

"Prompt detection and response are at least as important as preventing that leak in the first place. Not only should a user have no access to data beyond what they need; if they somehow do access that data, or perform any unusual activity with that information they can access can access, alarm bells should ring loud and clear," Wilson adds.

Copyright Lyonsdown Limited 2021

Top Articles

Indian state government website leaked COVID-19 test results of millions

A security flaw in a website run by the West Bengal Government in India enabled a hacker to access COVID-19 test results and other personal information of millions of Indian…

Industrial IoT: Finding pre-existing threats inside industrial control systems

Industrial Internet of Things (IIoT) devices are a pressing concern for security teams.

PrismHR outage possibly caused by a ransomware attack, experts believe

PrismHR suffered a cyber attack last week which forced it to shut down its flagship software that serves thousands of organisations worldwide.

Related Articles