Here is a frustrating one for me, a break-in on a defense contractor’s network results in the theft of 24,000 files. There are Information Rights Management (IRM) products such as Microsoft’s AD-RMS that can be used to essentially encrypt individual files and allow only authorized users to access them. And while AD-RMS doesn’t directly provide protection for all the file types that appear to have been compromised, there are partners who do. So what is frustrating is that while using commercially available IRM technology would not have prevented the theft of the 24,000 files it might have rendered them useless to the thief. I say “might” because assuming a government stole the files they may have the resources to break the encryption. In any case, the best practice would certainly be to use IRM.
So, is this information being reported as compromised because they weren’t using IRM or because IRM doesn’t work?