Those of you who regularly visit the SecurityInfoWatch.com homepage know that we're a pack of newshounds. From corporate mergers to the latest alarm panels, if it's happening in the industry we jump on it. So we were hit with a bit of excitement when our local newspaper first broke the "Coca-Cola secrets" story. It seems that Coca-Cola, which is headquartered here in Atlanta along with the SecurityInfoWatch.com offices, had been able to prevent what could have been a major security breach.
Here's the sum of the story (you can find the full news report here): A Coca-Cola employee (rumored to be an administrative assistant to an executive level position) allegedly attempted to sell Coke's secrets and even a potential new product to soda-war rival Pepsi. Pepsi didn't bite and instead notified Coke, whereupon the FBI became involved and was able to find and arrest the alleged corporate traitor, plus two accomplices.
As security journalists, this is the kind of story that we practically foam at the mouth for, and despite the fact that many details of the investigation are not being released due to upcoming legal action, it has dramatic elements from which all security directors (physical or IT) can learn.
First, it involves an internally driven threat. Secondly, it involves both physical and information assets ("classified" documents and even a supposed sample of a potentially new Coke product). Thirdly, it involves cooperation with law-enforcement, making this a classic case of how a business shares information with law enforcement.
Fourth, it's a marvelous example of how major corporations can break down the barriers of competition to engage a security investigation that ultimately benefits both companies. Fifth on the list, the "Coke secrets" story underscores how important it is to manage information security rights and privileges. Finally, it involves surveillance cameras -- they set up cameras above the employee's desk to document suspected crimes, and they "got the goods", so to speak.
Have you had such an investigation work successfully at your own organization? Let us know about it; we'll let it be as anonymous as you like. The investigation also reminds me of some of the chapters from "The Process of Investigation," a book outlining corporate investigation strategies. We recently excerpted two sections from that book -- Methods of Interrogation: Techniques on Interrogation for Corporate Security and Using Computers as Objects of Evidence in Corporate Investigations -- and the text is a great addition to your office bookshelf.
Researching the Breaches
New data from a CA study examines propensity of security breaches
Somewhat in the same vein as the Coca-Cola secrets story, since that investigation turned up information on sensitive corporate documents that were breached, are the results of a security study from CA. According to a survey of some of North America's largest enterprises, information security breaches have become relatively common, with 84 percent of the responding companies reporting a breach in the last year. The data from the CA-sponsored study indicates that breaches are up 17 percent since 2003, and that over a third of these are coming from within the enterprise. The survey also looked at what's being done to prevent more breaches, and "identity and access management" (IAM) investments are the top priority, which again makes physical access control and IT access the most likely point for enterprise security convergence.
Good Deed of the Week
HSM gives back to community
HSM Electronic Protection Services, a dealer/monitoring company that those of you with some history know was formerly part of Honeywell, earns the good deed of the week award for a $15,000 donation to a small non-profit that helps fund research into a blindness disease that affects young children. Your company, however, doesn't have to be a national company or even a regional to earn accolades, just email us at email@example.com to let us know how you're supporting your own community or charities.