This past weekend, an anonymous whistleblower handed a Mail on Sunday journalist a memory stick containing the personal data of 2,000 Barclays customers, saying information on a further 25,000 was also available.
The incident has the security industry conflicted on where responsibility ultimately lies, with many arguing that Barclays should be held liable and pay large fines. However, others, such as Dominique (DK) Karg, chief hacking officer for AlienVault, commend Barclays for not burying its head in the sand and for actually thanking the Mail on Sunday for bringing the leak to its attention. He said:
“… it all comes down to organisations sharing this kind of intelligence openly so that others can learn from it. At this point, the damage to Barclays’ image is huge, but in this case, it is clearly the work of one or two people that had legitimate access to the data. What the authorities need to do is go for these guys and make an example of these malicious insiders.”
And I tend to agree. All Barclays can do now is go back and launch a full investigation and take the appropriate steps after the fact. I think the point is that people will always be the weakest link in an organisation’s security. Without a doubt, it is a slippery slope when we start losing the ability to make individuals accountable for their own actions – it’s all too easy to put blame squarely on an organisation.