Back to blog

Superman III and the Inside Threat

June 7, 2019
Yes, you read that right… a reference to a really bad 80s movie (1983 to be exact) and the inside threat. You must be wondering how the two are related. Before I explain, I want to make it clear that this is not a recommendation to watch this movie. In fact, it only received a 24% Positive Review on Rotten Tomatoes. So how do the two tie together? In the movie, Richard Pryor plays a computer genius working at Webster Industries. After talking to a co-worker, he uncovers the fact that the company’s payroll is made up of numerous half-cent transactions that remain hidden in a database. He writes a program to scrape all those half-cents together and pays himself $85,789.90. The executive team realizes that the money has gone missing and they lament the fact that they will never find the perpetrator. Of course, they then see Richard Pryor pull into the parking lot in a brand new Corvette and quickly enlist his talents for their nefarious purposes. So why a blog about this now?!? Because in 1983, this movie highlighted the dangers of the inside threat and companies still haven’t found a solution to deal with this problem. Just look at the headlines such as: Ex-Microsoft Sports Director Charged with Attempting to Steal $1.5M, Apple Insider Attempts to Take Autonomous Car Secrets to China, Tesla Data Theft Case Illustrates the Danger of the Insider Threat, and just this week news of data breaches at Quest Diagnostics and LabCorp. You may be wondering why Quest Diagnostics and LabCorp are included in this list since it looks like these were breaches by third party vendors. But these vendors became inside threats since they were authorized to have access to business-critical applications. Now keep in mind the danger of the inside threat. Ponemon found through their research that the insider is responsible for 60-80% of all breaches. And the total average cost for an inside breach is $8.76 million. But that number is peanuts compared to what happened at Steinhoff International. Steinhoff International is a global retailer with more than 40 brands in over 30 countries. Visit the company’s web site and you’ll be greeted with numerous details about an ongoing investigation on the home page. According to the forensic investigation document, PwC was brought on board to analyze and investigate allegations of potential accounting irregularities and/or potential non-compliance with laws and regulations, made against various Steinhoff entities and its former executives. According to the report by PwC, the company recorded irregular or fraudulent transactions of $7.4 billion by former executives and external parties. These transactions were used to inflate profits and asset values of the company. And in order to cover up this illegal activity, the executives allegedly backdated documents. Several top executives have resigned upon these revelations and shareholder value has dropped. In fact, additional reports stated that the company posted a $12 billion valuation write-down last year. So the question is: can you prevent authorized users from doing unauthorized things? Find out how. Click here to view our on-demand webinar 10 Steps to Prevent the Insider Threat from Wreaking Havoc on Your Applications.