Edward Parsons, senior manager in KPMG's cyber security team, comments on the cyber security risks facing businesses in the wake of software being developed to aid whistleblowers. Increased corporate transparency is an important developing trend, but he warns that companies need to be aware that these tools could be used by insiders to steal or leak huge volumes of sensitive data, further complicating the insider threat issue for business. He said:
“The Edward Snowden disclosures highlighted the potential for staff with privileged access rights to abuse those privileges to collate and leak massive volumes of sensitive data. Those motivated to leak data increasingly rely on technology to aid them to cover their trails and/or protect their identities. More recently, the development of open source software such as OnionShare and the Guardian’s SecureDrop, specifically designed to help whistleblowers leak information and avoid common forms of online surveillance, could pose a risk to businesses. These tools can be readily deployed by insiders to facilitate data leakage as a form of protest or, in the case of OnionShare, for more nefarious purposes, including crime and espionage.
“Transparency and trust in business have never been higher on the corporate agenda and an important part of this is that businesses should ensure they have internal whistleblowing systems that allow staff with genuine issues to have them addressed internally, so they don’t feel the need to leak data externally. If companies don’t offer appropriate whistleblowing systems, staff may be tempted to go elsewhere. We are in an age where misdemeanours are easy to leak and harder to mitigate.
“Businesses also need to be aware of emerging whistleblowing tools and consider how the development of such capabilities changes their threat landscape. Their technical and administrative controls should be calibrated to the threats they face.”
- ENDS -
Nahidur Rahman, KPMG Press Office
T: 020 7694 8812
M: 0788191 6975
KPMG Press Office: 020 7694 8773
KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and operates from 22 offices across the UK with approximately 11,500 partners and staff. The UK firm recorded a turnover of £1.8 billion in the year ended September 2013. KPMG is a global network of professional firms providing Audit, Tax, and Advisory services. It operates in 155 countries and has 155,000 professionals working in member firms around the world. The independent member firms of the KPMG network are affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. Each KPMG firm is a legally distinct and separate entity and describes itself as such.
This article represents the views of the author only, and does not necessarily represent the views or professional advice of KPMG in the UK.