On the rocks
The great Kentucky bourbon heist serves up a potent reminder for the age of digital theft. An old-fashioned case involving 200 missing bottles of prized Pappy Van Winkle, along with barrels of lesser whiskeys, turned out to be an inside job. Watching one’s own is as important and difficult as guarding against intruders.
As cybersecurity aficionados talked hackers and cloud security over the occasional corn-based spirit at the annual RSA Conference in San Francisco this week, a grand jury across the country indicted nine people for operating a more pedestrian theft and racketeering syndicate dating back seven years.
Among the accused are two employees of the Buffalo Trace Distillery, the provenance of the 65 cases of 20-year old Pappy Van Winkle Family Reserve whose disappearance made national headlines two years ago. The defendants were caught with booze worth more than $100,000.
Investigators say the employees exploited security gaps on a regular basis to walk out with the pilfered tipples, which they would then sell at a discount, often delivering the goods wearing uniforms that suggested a semblance of legitimacy. Though the image of rolling barrels out the back door may elicit nostalgia against occurrences of stolen Home Depot credit card numbers or JPMorgan customer data, the lessons from the Bluegrass State are globally applicable.
The theft of company goods and information is more often than not enabled, sometimes unwittingly, by an insider, according to ProjectSafety.org. Indeed, one expert contends the case of Sony’s hacked emails couldn’t have occurred without the complicity of someone inside the Hollywood studio. The best example may be Edward Snowden.
It’s not an especially heartening message to take away from the Pappy Van Winkle affair, but the first line of defense in protecting corporate patrimony is properly overseeing employees. For some that means installing security cameras or tracking devices. For all, it means the harder task of fostering a culture where theft of property, including data, is considered a crime against one’s own self-interest.