Toll to inspect USBs it suspects aided data theft

Freight giant Toll has been given permission to access and inspect eight USB devices it thinks might have been used by an ex-employee to pinch sensitive corporate files.

Earlier this month Toll applied for preliminary discovery of USB devices owned by a former national sales manager for its NQX freight forwarding and transport services business.

The executive had worked for Toll since 1981 and resigned around March/April last year, departing on August 12. Two months later he took up a similar position at Toll rival Followmont Transport.

Given his responsibility for setting customer rates and terms of trade, the executive had access to commercially sensitive pricing information, profit margins, and customer financial data.

He accessed this data through a work-issued laptop that contained 30,000 documents, which he returned on his last day of work.

However, a forensic examination of the laptop by Toll's IT staff in partnership with Deloitte has led the freight giant to suspect that the executive took sensitive data with him to his new job.

Toll said it had found that non-Toll USBs were inserted into the laptop in the days leading up to the executive's departure, and certain shortcuts on the laptop indicated sensitive corporate documents were ported to the USBs.

The executive contends that it was necessary for him to use removable storage devices frequently given the size of particular files he received as part of his work.

Toll said it also found evidence on the executive's work email account that he was negotiating with his new employer while working at Toll. 

In a ruling in the federal court last week, Justice Logan agreed that the evidence on the laptop gave rise to the suspicion that data was taken by the executive.

He ordered the executive to produce the USBs within 17 days.

"[The executive] was in the period between March or April 2016 and August 2016 increasingly diffident about the continuance of his employment with Toll Transport in the Toll NQX business," Logan said.

"The USBs were inserted into his very work computer. It seems inherently unlikely that the three inserts on 11 August, the very day before his resignation, were each work-related."

Justice Logan said there was "some evidence" of Followmont taking on new customers that had previously been users of Toll's services.

Toll was ordered to pay the executive's costs of ascertaining which USBs were within the scope of the request.

Securing against the insider threat

The greatest threat to a company's security is no longer an external hacker, but an employee within its walls holding legitimate access to its systems.

More than half of the attacks on the most-targeted sector, financial services, in 2016 were perpetrated by insiders, according to IBM's X-Force threat intelligence index 2017.

The bad news is there is little a business can do to stop a determined insider from carrying out a malicious attack.

While security 101 approaches like the principle of least privilege - only giving users access to what is essential for their job - and signature-based malware can help a business prevent malicious and accidental insider threats, they won't stop one who is disgruntled enough to try to do the company harm.

A growing "user-behaviour analytics" (UBA) industry is trying to help businesses catch internal actors out before they can do damage.

The technology looks at patterns of human behaviour to identify anomalies and potential threats.

"They'll look at things like 'this bloke normally comes to work, checks his email, and accesses certain resources and folder shares. But one day he comes in and pulls down 10GB from places he doesn't normally go to," security researcher Troy Hunt said.

But while UBA tools can help spot early signs of questionable behaviour, reducing the risk of the malicious insider cannot be achieved without one key factor.

"Keeping people happy is a really good way to stop people doing this sort of stuff," Hunt said.

"There's always going to be edge cases. Disgruntled employees are one of the most detrimental things we can have, and you can't stop someone who is determined enough.

"But keeping people happy creates an environment where they don't feel disposed to do [anything malicious]."