2011-04-01
By Editor
A Food and Drug Administration (FDA) chemist and his son were charged yesterday with insider trading. The chemist was granted access to confidential data regarding drug approval reviews. The chemist, it turns out, had access to a database, abusing these privileges to purchase advance stock of those companies granted approval. According to the report, the chemist was able to profit US$3.6 million.
“When discussing data theft, we usually talk about hackers penetrating the networks of a company. However, we need to also consider the insider threat – people who are granted, by the employer, access to the organisation’s sensitive data, says Noa Bar-Yosef, senior strategist at security firm Imperva. “It is not clear whether the chemist had to access those documents in order to perform his job or whether mistakenly granted access to documents he should have not had permission to view (ie. excessive privileges). It does not matter. The result in this case is the same. The employee abused his privileges for an unfair advantage.”
“The chemist was eventually caught: ‘He was allegedly recorded by security software early this year accessing a confidential database on drug applications’. This is an example of how the access control works. A move outside of the normal required behaviour should sound the alarm. It’s just a shame that in this case it took the FDA five years to figure this one out,” concludes Bar-Yosef.
 DRAFT1.jpg)
