Navigate ’15: The Insider Threat Persists – Catch it if you Can
We were thrilled to kick off this year’s Navigate with Frank W. Abagnale, the acclaimed subject of the book, movie and Broadway play, ‘Catch Me If You Can.’ He shared his journey from being one of the most wanted imposters in the country in his youth to becoming one of the FBI’s foremost authorities on identity theft and financial crimes.
If you’ve seen ‘Catch Me If You Can,’ you know that Frank was one of the most famous impostors our country has seen. Between the ages of 16 and 21, he posed as an airline pilot, an attorney, a college professor and a pediatrician, cashing almost $2.5 million in fraudulent checks along the way. Like most criminals, he was eventually caught and served jail time in France, Sweden and the US. Eventually, he earned his freedom in exchange for helping the federal government, without remuneration, by teaching and assisting federal law enforcement agencies. The great piece of the story is that once his commitment was met, he stayed on with the FBI – and has now spent 39 years with the Bureau.
Before Frank took the Navigate ’15 stage, I had the distinct pleasure of sitting down with him to talk about his time with the FBI. It was a fascinating conversation about how he’s seen crimes that were primarily forgeries and counterfeit evolve over the last 30-40 years into cybercrime and identity theft. And as such, Frank and the FBI’s approach has had to evolve over the years, and he mentioned that his crimes would be incrementally easier to pull off today, with the impact limited by nothing more than his imagination.
Throughout our conversation, he emphasized that with security breaches and identity theft, prevention is the only viable solution. Frank has been involved in every single security breach – and he rattled off many of the most prevalent ones we’re all intimately familiar with. Without prompting, he said that the common thread across these breaches is it always involves someone inside the company.
Frank told our customers in the audience: “There’s no master hacker. They’re waiting for doors to open because someone didn’t do something, or they did something they shouldn’t have.”
Frank added that he’s sat down to interrogate the best hackers around the world. One in particular told him: “Banks spend upwards of $250 million on software to keep me out. But they have 200,000 employees, so I just wait for them to do something wrong and let me in.”
This message resonated very well with the Navigate audience. Sadly, our Market Pulse Survey continues to show that the risk of insider threats is still very prevalent. Case in point, 1 in 5 employees openly admitted that they have uploaded proprietary corporate data to a SaaS app like Dropbox or Google Docs, with the specific intent of sharing it outside of the company.
Frank has a similar example. He conducts seminars with companies to talk about preventing breaches. He tells a story about dropping 20-30 USBs around the employee parking lot with labels on them saying “confidential.” Then over lunch, he opens his laptop and waits. According to him, there are always a handful of people who try to access the USB (if you’re wondering, like I was, what was on them – apparently a message pops up saying something to the effect of: “this was a test, and you failed.”).
So what can companies do? Frank shared some excellent parting advice with the Navigate audience. Above all else, Frank emphasized it’s critical that companies educate employees about how important it is to protect data. He added that it’s imperative that organizations be vigilant about managing the risk of insider sabotage or fraud.
We’re very appreciative of Frank’s visit this week. It set the stage nicely for our conversations this week about how our customers can use SailPoint’s Identity Management solutions to put automated controls in place to govern employee (and contractor) access. While the insider threat (again either malicious or inadvertent) remains very real, as Frank said, there are key steps that can be taken to minimize that risk.
Stay tuned for more insights from Navigate ’15.