The one risk that bit Goldman Sachs: The internal data theft

Goldman Sachs is a master at gauging risk. It managed to get out of toxic mortgages before they unraveled and shorted them on the way down. We detailed in a lengthy case study the approach to managing risk and the systems and processes behind Goldman. The one risk Goldman didn't count on: Worker espionage.

On July 4, a criminal complaint was filed against Sergey Aleynikov, an ex-Goldman Sachs computer programmer, who allegedly tried to steal the code behind Goldman Sachs' proprietary trading systems.

That's the equivalent of stealing the algorithm behind Google's search.

According to Bloomberg, Goldman may lose millions over the stolen code. Bloomberg reports:

At a court appearance July 4 in Manhattan, Assistant U.S. Attorney Joseph Facciponti told a federal judge that Aleynikov’s alleged theft poses a risk to U.S. markets. Aleynikov transferred the code, which is worth millions of dollars, to a computer server in Germany, and others may have had access to it, Facciponti said, adding that New York-based Goldman Sachs may be harmed if the software is disseminated.

Aleynikov's attorneys note that the IT worker didn't disseminate the code. Aleynikov started at a trading software outfit called Teza Technologies. He has been suspended.

The lesson here is the same one that has been repeated for as long as I can remember: The biggest threat to your systems (and business) often comes from within. Button down those IT security processes.