TeraMedia
Distinguished
@booyaah:
Suppose: An agent already started cultivating the relationship while the guy was in college (just look at what the KGB did...). While out at a bar, the guy divulges his unhappiness, or perhaps a financial problem. Or perhaps the agent even surreptitiously causes the financial problem, and then provides a helpful ear. The agent convinces the guy that he should do something - for any number of reasons - and the guy does. Even if the guy gets caught, the agent is still able to siphon the data back to home base.
Data security is an illusion. There are things you can do so that you know you were breached, and how, and by whom, but if the system is inherently designed to make the data accessible to someone, then that data can be exposed by at least that one person.
If the data is sufficiently valuable, and those are the only workable attack vectors, then those are the vectors that the attacker will successfully use at some point in time. I would argue in your system's case that the easiest vector might be the disgruntled and underpaid employee.So besides social engineering or internal threats
Suppose: An agent already started cultivating the relationship while the guy was in college (just look at what the KGB did...). While out at a bar, the guy divulges his unhappiness, or perhaps a financial problem. Or perhaps the agent even surreptitiously causes the financial problem, and then provides a helpful ear. The agent convinces the guy that he should do something - for any number of reasons - and the guy does. Even if the guy gets caught, the agent is still able to siphon the data back to home base.
Data security is an illusion. There are things you can do so that you know you were breached, and how, and by whom, but if the system is inherently designed to make the data accessible to someone, then that data can be exposed by at least that one person.