View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Software
November 17, 2010

£6.2m ‘lost business’ – down to one email. Ouch!

This is quite an intriguing one, and not your usual security story either. According to press reports, UBS may have lost £6.2m worth of business because of one unfortunate employee email

By

What happened? As far as we can gather (the story is in The Telegraph here) the chap pressed the send button about a sensitive client matter to, er, 100 people.

Email gaff costs £6m

You gotta hate it when that happens! In the email, details of the upcoming flotation proposed listing price of the former client – former automotive giant and, well, sort of bank, now? – General Motors were leaked by accident. GM promptly closed its account with UBS and removed it as an underwriter from the float – hence the six million bucks loss, from fees it would have pipelined to collect. (The information is valuable to anyone looking to short-sell trades on the opening day, among other ways to make money at GM’s expense, basically.)

How do we know about this? GM had to detail it in SEC filings, as it had to protect itself against any refunds or damages from aggrieved investors because of the leak if UBS remained an underwriter on the deal.

Now, this isn’t a case of hacking – the employee made an error, no deliberate fraud was committed, at least as far as we know. But it is a clear case of information security weakness. Insufficient safeguards were in place – or rather, had not been put in place by the IT and/or risk management team at the Swiss bank – to limit exposure.

The story is a reminder that porous corporate walls are great on some days, when we want to be all social media-ed up and interconnected, and very, very worrying on other days, when we see data walking out the door and potentially harming us.

Content from our partners
The growing cybersecurity threats facing retailers
How to integrate security into IT operations
How Kodak evolved to tackle seismic changes in the print industry and embrace digital revolution

This could have happened just as easily with a carbon copy of a memo. But it didn’t, it happened because no one had set the right rules up on the dude’s Outlook. According to Philip Lieberman, president of identity management specialists Lieberman Software, anecdotal evidence in the IT security industry suggests that between 50 and 60% of accidental data leaks originate from incorrectly addressed emails and their attachments.

"A good security policy enforcement system should be capable of intercepting any unusual or non-standard messages, and temporarily quarantining the message until a IT security official can review the data," he believes. And who’s to say he’s wrong?

$6.2m of lost revenue opportunity is one thing; the fact that the rest of the world gets to comment on UBS’ shortcomings here is a far bigger issue.

Don’t let this happen to you. The CIO or CISO or Risk Manager must continually strike a balance, and it may be a daily act, between openness and security. If you don’t… will we be writing about you next week?

Websites in our network
NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
I consent to New Statesman Media Group collecting my details provided via this form in accordance with the Privacy Policy
SUBSCRIBED
THANK YOU