What the great maple syrup heist can teach us about cyber security

Representational image of a cybercriminal
(Image credit: Pixabay)

This year marks the 10th anniversary since the infamous Great Maple Syrup Heist. In the province of Quebec in Canada, 3,000 tons of maple syrup were stolen from the Federation of Quebec Maple Syrup. At $2,000 per barrel (the equivalent of around 13 times the price of crude oil), it was a significant theft – it raised eyebrows and earned media attention around the world. The total stolen volume was estimated at an incredible $18.7 million, and much of it was never recovered.

About the author

Ben Bulpett is EMEA Identity Platform Director at SailPoint.

The criminals of 2012 were ultimately tracked down, though it took considerable effort for the police to determine the full scale of the crime. 26 arrests were made and the police interviewed more than 200 witnesses, creating a bizarre story surrounding one of Quebec’s major resources—and its sweetest. In the end, in court, one of the thieves, Richard Vallières, was found guilty of theft, fraud, and trafficking stolen goods. It’s an interesting story but the message points to something more fundamental – understanding your business or organization, where its value lies, and making sure it is protected.

The truth is that all organizations are vulnerable to potential criminal activity. And like maple syrup, there is a need to give customers what they want, but understand attacks can come from all sides. The key is protecting what is most valuable.

The sweet spot

Most businesses aren’t looking after syrup, that much is true. But the intangible is just as valuable, if not more so, than what we can see (and taste).

The threat nowadays is increasingly invisible and digital, and revolves around cyber security. These concerns mustn’t be ignored by businesses – especially given how much a target data is for criminals seeking to get their hands on lucrative assets. Sensitive financial and personally identifiable information also has value, yet, all too often, businesses are not doing enough to protect it. Such data is unstructured – where organizations lack real visibility into where the data lives, and who owns it. All of this leads to security vulnerabilities, paving the way for criminals to get their hands on sensitive information without being detected. So, how can businesses effectively mitigate against these risks?

A sticky situation

Securing unstructured data is relatively new territory for organizations. Our recent research found three quarters (76%) had encountered challenges with protecting unstructured data. This included unauthorized access, data loss and compliance fines. What’s more, almost every company surveyed reported difficulties in managing access to unstructured data, citing not just lack of visibility, but also too much data and a lack of single access solution for multiple repositories. 40% admitted to not knowing where the unstructured data was stored.

Businesses cannot afford to be caught out by unstructured data. Companies may be spending record sums on cybersecurity to protect the digital transformation that has accelerated so rapidly over the past year – but it’s a wasted effort if the most pressing threats like unstructured data aren’t properly attended to.

Organizations must maximize visibility into where vulnerabilities lie. Crucial to this is prioritizing user access rights across all data – structured and unstructured. Our research found this is currently not the case, with one-third of companies lacking real-time alerts when unauthorized access occurs within unstructured data, and a quarter of companies failing to perform regular reviews of user access privileges. Without visibility over who has access to what, and when, hackers could be operating unnoticed.

To combat this threat, identity security, with a file access manager feature, must be extended at the implementation stage to manage data access. This security practice ensures security and compliance – automatically – while feeding real-time alerts to the IT team where potential vulnerabilities lie – making them far better equipped to monitor for or respond to a breach. Unstructured data will continue to be created as businesses build on the digital customer experience. But it is crucial businesses leaders recognize and deal with the risks.

Without putting the necessary security in place, the criminals are outside licking their lips. It's a viscous cycle.

Check out the best identity management software.

Ben Bulpett

Ben Bulpett is EMEA Identity Platform Director at SailPoint

With over 25 years’ experience in the software industry; where he has led teams, in the development and implementation of complex IT Security solutions in areas such as; Access Management, Identity Management, Data Governance and Database etc across multiple verticals.

Prior to SailPoint Ben was the Platform Account Director at Oracle responsible for all Oracle Database & associated technologies into Oracle’s Key Accounts. He has also managed Software development teams as well as led small boutique Security consultancies.

Ben has travelled extensively throughout Europe, Middle East, Africa & America through his work responsibilities. He has spoken at numerous events on matters such as Security, Identity Governance and various related privacy issues.