Time to Wake Up About the Inside Threat

The inside threat continues to grow at companies with various reports showing the insider is responsible for anywhere between 60% and 80% of breaches. Below are five stories about inside attacks that made the news in 2018:

SunTrust Bank dealt with the internal threat earlier this year when a former employee allegedly stole details of up to 1.5 million clients, including name, address, phone number and certain account balances. Fortunately, Social Security numbers, account numbers, driver’s license numbers, user IDs, and passwords were not exposed. The former employee may have also attempted to share the information with a criminal third party. In order to further protect customers, the bank offered Identity Protection for all current and new consumer clients.

Nordstrom recently announced that employee names, Social Security numbers, birth dates, bank account numbers, salaries and other information were breached by a contractor. Customer data was not affected in the breach, which took place on October 9th, and there has been no evidence so far that the information has been used inappropriately. Authorities are investigating, and the vulnerabilities that led to the breach have been closed. Nordstrom immediately notified its employees about the breach and has been commended for its transparency.

Chicago Public Schools (CPS) had to deal with a fired employee who allegedly stole the personal information of approximately 70,000 people in the CPS database. This included personal information about employees, volunteers and others, including names, employee ID numbers, phone numbers, addresses, birth dates, criminal histories and other records. After copying the information, the former employee then allegedly deleted the database from CPS’s systems.

The Coca-Cola Company announced that a disgruntled former employee was found with worker data on a personal hard drive. This affected approximately 8,000 employees although law enforcement officials did not think the information was used to commit identity theft.

Tesla experienced a data breach from a trusted employee. In order to access the data, the employee created several false usernames inside Tesla’s main production OS. In addition to changing actual master data, he then exported massive amounts of sensitive data to third parties. This was all in retaliation because he simply missed a job promotion.

When employee data is stolen, it can be a goldmine for hackers. Using the Coca-Cola breach as an example, they can use the information to pretend to be any of the 8,000 employees whose information was breached. This could span countless departments, from human resources and procurement to accounts payable and operations. Now think about all of the critical data that’s stored in those systems, such as SAP Ariba, Workday, SAP SuccessFactors, your ERP systems, and more.

It’s clear that organizations need to put even stronger controls in place to prevent and detect the internal threat. Greenlight’s ResQ solution provides Firefighting capabilities to manage privileged users and automated emergency access while providing complete audit trails of activity and generating access alerts to internal threats.

There are also countless headlines where an external threat is able to steal employee credentials through phishing campaigns. Once they are able to log in as an employee, they become an inside threat. And as Ponemon found through their research, the insider is responsible for 60-80% of all breaches. And the total average cost for an inside breach is $8.76 million.

One of the issues is that corporate governance has largely been based on trust:

Trust that employees, contractors or anyone else working on behalf of the company will:

  • read and remember company policies
  • hold themselves personally accountable for upholding those policies
  • and, apply those policies as they perform their daily activities

Trust that all the critical risks have been identified

And trust that the controls designed to mitigate those risks will:

  • Find errors after they have occurred (detective controls, e.g. review and approval workflows, surprise cash counts or taking inventory)
  • Prevent errors, fraud or risks from occurring (preventative controls, e.g. employee training, locking the building or segregation of duties)
  • Correct any errors or incidents that threaten company assets (corrective controls, e.g. notifying a supervisor or the person accountable, disciplinary action, etc.)

We all know this approach has significant limitations:

  • People are human. They cut corners, make mistakes and their personal goals and objectives don’t always align with the company’s
  • Management can undermine the control environment – through inconsistency, complacency or overriding controls that get in their way
  • The control environment constantly changes and is difficult to keep up with: regulations, workforce, business priorities, and business applications

You need to monitor and manage risk, compliance and performance in real time across all of your business-critical applications.
