Malicious Event Personal USB vs Company USB

A senior member of a small to medium Australian design and manufacturing company, who had been with the firm since its founding, decided to move on. The employee was a trusted individual and because of his seniority had access to confidential information, including defence related data around advanced projects.

Before he left the company, GuardWare INSIGHT alerted the IT team to the movement of sensitive data to USBs. The user was authorised to hand-carry company USBs into the manufacturing area, as the 3D printing/manufacturing area was air-gapped. Files were transferred manually by plugging in the USBs. These USB devices were always accounted for and signed-in and signed-out, to ensure data security.

However, this time around the employee used two different USBs to transfer data. One of them belonging to the company and the other one his personal device. INSIGHT records the Serial Number of the USBs used to transfer information. When the IT team challenged him, the user said he had already returned the USB, not knowing that they had detailed information on his use of two USBs.

Confronted with the evidence, the user surrendered his personal USB and further actions were taken.

Risks mitigated by GuardWare INSIGHT

Loss or Theft of USB
Misplacing USBs is a common occurrence in any organisation. Their capacity for storing huge amounts of data makes their loss a potentially serious threat.

Potential Theft of Information
High transfer rates over a short duration of may be potentially malicious in nature and should be reviewed.

Malicious Behaviour
Transfer of information during non-office hours, especially on weekends, may be potentially malicious in mature and should be reviewed.

Loss of Information Due to Information Creep
Large movement of data into USBs clearly indicates a movement of data away from established, legitimate information stores.

Get a Data Security Assessment

We Guarantee Results, through
our 3 week Risk Assessment
process.

If we don’t find any serious cyber risks or incidents,
we’ll refund your investment.

Talk to our Consultant

More Case Studies

Malicious Event Personal USB vs Company USB

When confronted by the IT team, the employee initially claimed to have returned the company USB, unaware that INSIGHT had logged his use of a personal USB as well.

SharePoint Malicious mass downloads from Sensitive Folder to user’s personal
device.

INSIGHT flagged this suspicious activity, and an investigation confirmed that the data had indeed been transferred.

SharePoint Exposure of Customer Data by Law firm – Human Error

In response to this breach, the firm reconfigured INSIGHT to send high-priority alerts directly to both IT personnel and the individual users responsible for risky actions.

Stored Passwords detected by INSIGHT by Company’s MSP having admin rights.

GuardWare INSIGHT’s data discovery scan detected the stored password file, prompting immediate deletion.

Scans revealed stored Customer data including bank account info in AWS DevOPs environment.

GuardWare ASSESSOR revealed stored customer data in log files on developers’ devices and in their AWS environment, as well as the unsafe sharing practices.

Outsource Developers of a financial institution detected exposing Financial APPs source code and company’s IP.

With INSIGHT, they can safely re-enable forum access, confident that any unauthorized source code postings will be promptly detected and addressed.

Productivity Monitoring WFH compared with Office

To address these concerns, the company deployed GuardWare INSIGHT’s productivity monitoring features to track work behaviors accurately.

Rogue Network

Security discovered that an employee had used system roll-back during this period, in an attempt to remove the GuardWare INSIGHT Agent from the system.

Dangers of using Cloud Storage Services and Website Transfers

GuardWare INSIGHT monitors and prevent unauthorized file uploads across cloud, web, email, and chat applications, ensuring their data stays secure and compliant.

Corporate Email Risk - Email forward to user’s Personal Email resulted in serious theft of sensitive PII data

GuardWare INSIGHT flagged the incident. The software’s AI detected the email forward to a personal account and scanned the attached file, identifying the sensitive content.

WFH Risks including VPN misuse

investigation with GuardWare INSIGHT revealed that users were frequently turning the VPN on and off. The university adjusted the configuration to ensure the VPN remains active at all times.

Malicious Insider in a Recruitment Firm – Data exfil by a Director

GuardWare INSIGHT showed that the data exfiltration occurred while the user was connected to the company’s Wi-Fi, proving the laptop was in his possession at the time.

Product

GuardWare INSIGHT

GuardWare ASSESSOR

GuardWare PROTECT

GuardWare OVERSIGHT

Contacts

GuardWare Australia Trading Pty Ltd
Phone: 02 8551 8500
Level 10, 2-4 Bulletin Place, Sydney NSW 2000
ABN 94 675 756 555
Wholly owned Subsidiary of GuardWare Australia Pty Ltd.