Data leak raises questions on CIA’s security structure

Data leak raises questions on CIA’s security structure

Both the American CIA and FBI agencies are hot on trail of a suspected CIA agent who passed on some top-secret and eye-opening secrets to WikiLeaks, who in turn published the details for all to see.

The data leak in question pertain to the CIA’s ability to hack into smartphones, smart televisions and computer systems using advanced tools.

While it is no secret that the CIA can and does hack into systems for the larger purpose of national security, the leaked documents, which were so far stored in highly secure vaults in the CIA, will let people know more about the tools being employed by the agency to perform such hacks. Both the CIA and the FBI are trying to nab the employee who managed to pass on the documents to WikiLeaks, but without success so far.

Firms to cut data leakage by a third by reviewing privileged activity

While many may wish to term the situation as an act of a whistle-blower or someone who wanted the society to know the raw truth via a data leak, what it also signifies is that a firm as protective of data as the CIA was unable to present the leakage. What does this say about large multi-nationals who store personal information of millions of people from across the globe?

“Whether individuals view this as the righteous act of a whistle-blower and a victory for free speech, an act of blatant treason, or something in-between, at its heart it is a failure of access controls and monitoring. The fact that an organisation built around a culture of confidentiality, with a high degree of security knowledge and employee screening, and which has suffered breaches in the past, can still fall victim to insider attacks is a reminder to organisations of any size, in any sector,” says Piers Wilson, Head of Product Management at Huntsman Security.

Terror investigation information leaked online in Europol data breach

While it is not clear how long it will take for CIA to catch the culprit and avenge the data leak, the agency has chosen to target WikiLeaks instead, terming it a ‘non-state hostile intelligence service often abetted by state actors like Russia.’ While the accusation was totally expected, the CIA may also need to look within, review its security procedures and create a structure whereby employees cannot do anything with the information at hand that they aren’t supposed to.

“Prompt detection and response are at least as important as preventing that leak in the first place. Not only should a user have no access to data beyond what they need; if they somehow do access that data, or perform any unusual activity with that information they can access can access, alarm bells should ring loud and clear,” Wilson adds.

Copyright Lyonsdown Limited 2021

Top Articles

Carnival Cruises hit by fourth data breach in 18 months

Carnival Cruises, one of the world’s largest cruise ship operators, has confirmed that it suffered another data breach in mid-March.

NHS Test & Trace Consolidates Cyber Security

NHS Test and Trace has teamed up with cybersecurity company Risk Ledger to proactively manage its supply chain cybersecurity risks.

The expert view: Accelerating the journey to the cloud

At a virtual seminar on 9 June 2021, sponsored by managed IT service provider Sungard Availability Services, eight senior IT decision makers gathered to discuss how organisations can accelerate their…

Related Articles

[s2Member-Login login_redirect=”” /]