Vadim G. Zdor, Chief Consulting Officer, InfoWatch: Bank of America has begun full-scale counterintelligence operation ». … no, not in Latin America, not in the Middle East, but in its own backyard. Julian Assange, the founder of WikiLeaks, has threatened to reveal some sensitive information about Bank of America back in 2009, but it took more than a year for US financial sector mammoth to realize the danger and apply counter-measures. In his interview to the Computer World magazine Assange admitted that his organization has a copy of the data taken from the hard disk of one of the BofA executives. How realistic this could be says the fact that Bank of America has created a special group of 15 people «scouring thousands of documents in the event that they become public, reviewing every case where a computer has gone missing and hunting for any sign that its systems might have been compromised». Undoubtedly, the bank has something to hide. Bank of America is already under the gun, defending itself from multiple lawsuits from private investors as well as Fannie Mae and Freddie Mac demanding that the bank buy back billions worth of toxic mortgages-backed securities. The bank is at the heart of the robo-signing scandal and has wrongfully foreclosed on countless American families. The acquisition of the most aggressive and fraudulent mortgage lender Countrywide in 2008 resulted in a long list of liabilities and lawsuits for the megabank that now has over 1.3 million customers in foreclosure. The story with the bonuses paid to the top-managers ahead of the schedule at the height of the crisis made the headlines. Now Bank of America actively acquires all domain names containing any negative information about its executives. The question is not about the fairness of such an action from WikiLeaks. More interestingly is how the financial giant has allowed this information to escape. Being the official client of Vontu (Symantec acquired this DLP start-up at the end of 2007), Bank of America had either completely ignored the solution potential, or the system had been incorrectly implemented. And finding any forensics a year after the incident is a challenging task. The incident with Bank of America once again proves the statement that most threats originate not from hackers, but from company own employees who have elevated privileges and access rights. The reasoning behind data leakages through insiders is a complex phenomenon. Undoubtedly, “soft” information security measures, such as acceptable information use policies, have the right to co-exist with rigid DLP tools for content analysis. Whatever the means are, the accepted toolset and counter-measures for information security should address organizational culture, operations and network topology of the company. There are some proven data loss technologies on the market today (hybrid DLP – network DLP system combined with the endpoint control - being the most effective). Those companies, who approach DLP implementation seriously, can expect the profits from better understanding of transactions within their information systems and more reliable protection of intellectual property or customer data. But, most importantly – and it has the greatest value – that the head of the corporate management pyramid should be personally involved in data protection and act as an example and a leader in this process. Source
