Edward Snowden, a former CIA worker, leaked materials to the media that allegedly showed the US to have conducted widespread and illegal surveillance of its citizens and other nations.
Reports from the Guardian and Washington Post claim that the US National Security Agency (NSA) has been illegally collecting millions of telephone records from Verizon customers, as well as emails, live chats and search histories from Facebook and Google, and had even bugged EU offices in Washington and UN headquarters in New York.
What this news story boils down to is that an employee had access to sensitive information that he decided to leak for personal reasons.
This raises all kinds of questions for the CIA. Was there adequate screening of his role? Did he have more access than he needed? Was he left unsupervised for long periods of time?
In turn, you could ask this of yourself. Do you monitor your staff regularly? Do you ensure appropriate information security training is enforced?
An employee leaking sensitive data from your organisation may not have the same impact that Snowden has caused, but it will cause you brand damage, it will cost you, and you will have breached the law.
Everything is relative. If one person can bring down US security, think what one person, armed with the right information, could do to your business.
One of the first steps every organisation should take is to conduct a risk assessment. This will help you assess areas of weakness and the vulnerabilities posed by internal and external threats.