Whether you describe Edward Snowden as a hero or a criminal, thereu0019s no denying the impact that this self-described u0018computer wizardu0019 is having on IT leaders. After all, if even the NSA can fall victim to a tech-savvy millennial, how can they defend their data? In the aftermath of the great data heist by Edward Snowden, the now-infamous computer specialist who stole top secret information from the National Security Agency and leaked it to The Guardian earlier this summer, CIOs are feeling a little helpless.“People are saying that if it happens to the NSA, which must have incredible tools to prevent people from leaking data yet still leaks on a grand scale, we better be really careful,” says Jeff Rubin, vice president of strategy and business development at Beachhead, a mobile security company.There’s little doubt CIOs are reeling from the Snowden effect. A New Breed of Rogue Employee Roams the NetworkSnowden represents a new kind of rogue employee or contractor: a tech-savvy millennial armed with personal computers who can spirit away highly sensitive data. CIOs will have to deal with this threat sooner rather than later. The old thinking of relying on encryption to safeguard data just won’t suffice in today’s corporate computing environment. The 29-year-old Snowden hatched a plan to swipe data from arguably one of the safest organizations on the planet. His age is significant because he’s symbolic of today’s millennial, a 20-something tech worker flooding corporations across the country. Millennials will make up the largest segment of the workforce by 2015, according to the U.S. Bureau of Labor Statistics.[ Related: CIOs Need to Push BYOD Policies to Lure Millennials ] Two-thirds of millennials assess their technology acumen as “cutting edge” or “upper tier,” according to CompTIA. Snowden, who once described himself as a “computer wizard,” not only gained access to sensitive data, he communicated with the media using encrypted email under the codename Verax.For CIOs, the warning is clear: Your next rogue employee may be good at finding ways around your best-laid security plans.Social Engineering and Tech Savvy a Dangerous ComboWhile there’s no questioning Snowden’s technical chops—after all, he worked at contractor Booz Allen Hamilton as a computer specialist—Rubin doubts Snowden relied on technical skills alone to do what he did. Rather, Rubin believes Snowden employed social engineering tactics to gain access to computers and download data to thumb drives and, eventually, his personally owned computers.“My guess is he went to NSA employees, said [he was there] to work on their computers and needed access to them, and gained their trust,” Rubin says. “He may have even gone as far as telling them, ‘You may get a notice on your screen that there’s some sort of intrusion, but that’s just me so don’t be alarmed.'”Jeff Rubin, BeachheadThe idea that Snowden probably used his personal computers and thumb drives should also be alarming to CIOs, especially in the age of BYOD, says Rubin. With BYOD, mobility and cloud storage services such as Dropbox now common, the chances of corporate data leaking out is higher than ever.In fact, one of Beachhead’s customers recently reversed its BYOD policy because of the security risks. If an employee now wants an iPad, for instance, the company will buy and manage it instead of allowing the iPad to be a part of a BYOD program. They’re saying, We don’t feel we have our act together to really allow this,” Rubin says. Encryption Is Not EnoughAnother lesson CIOs can learn from Snowden is the need for multi-layer security, or automatic triggers for wiping data. Many companies rely on encryption to keep their data safe, yet once a rogue employee gains the password, encryption is worthless. Rubin says the Snowden case highlights the need for triggers that eliminate data beyond a geo-fence or after a certain number of incorrect logins or amount of time. Also, companies might want to look into multi-factor authentication and data access controls to prevent rogue workers like Snowden from seeing data in the first place, Rubin says.Given Snowden’s ability to steal from the NSA, coupled with the rise of both the tech-savvy millennial and BYOD, CIOs are sensing a loss of control over corporate data. “It’s happening too fast,” says Rubin. “I think companies are a little paralyzed.”Tom Kaneshige covers Apple, BYOD and Consumerization of IT for CIO.com. Follow Tom on Twitter @kaneshige. Follow everything from CIO.com on Twitter @CIOonline, Facebook, Google + and LinkedIn. Email Tom at tkaneshige@cio.com Related content feature Expedia poised to take flight with generative AI CTO Rathi Murthy sees the online travel service’s vast troves of data and AI expertise fueling a two-pronged transformation strategy aimed at growing the company by bringing more of the travel industry online. By Paula Rooney Jun 02, 2023 7 mins Travel and Hospitality Industry Digital Transformation Artificial Intelligence case study Deoleo doubles down on sustainability through digital transformation The Spanish multinational olive oil processing company is immersed in a digital transformation journey to achieve operational efficiency and contribute to the company's sustainability strategy. By Nuria Cordon Jun 02, 2023 6 mins CIO Supply Chain Digital Transformation brandpost Resilient data backup and recovery is critical to enterprise success As global data volumes rise, business must prioritize their resiliency strategies. By Neal Weinberg Jun 01, 2023 4 mins Security brandpost Democratizing HPC with multicloud to accelerate engineering innovations Cloud for HPC is facilitating broader access to high performance computing and accelerating innovations and opportunities for all types of organizations. By Tanya O'Hara Jun 01, 2023 6 mins Multi Cloud Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe