Please take a moment and read the following article on the current Bank of America breach:
There are two main points we need to take from this. First, the insider threat is real. It is also incredibly hard to detect and react to. We have been pushing for quite some time at PDC to move beyond simple IDS/IPS/AV tactics. This story only serves to re-enforce this view.
The second thing we need ponder is the fact that it took a year to notify the customers of the breach. Oh... and 10 million being stolen.
I hope that the upper management pool around the world is starting to realize that security is not a check-box exercise. It is not a matter of "yep, we have security." And, it is not a bunch of kids in the basement looking for computers to "p0wn." The threats are real, the money they can steal is real. There is not a "product" you can purchase that will protect you.
PaulDotCom will be teaching Offensive Countermeasures at Black Hat July 30-31