Time to Wake Up About the Inside Threat
The inside threat continues to grow at companies with various reports showing the insider is responsible for anywhere between 60% and 80% of breaches. Below are five stories about inside attacks that made the news in 2018:
SunTrust Bank dealt with the internal threat earlier this year when a former employee allegedly stole details of up to 1.5 million clients, including name, address, phone number and certain account balances. Fortunately, Social Security numbers, account numbers, driver’s license numbers, user IDs, and passwords were not exposed. The former employee may have also attempted to share the information with a criminal third party. In order to further protect customers, the bank offered Identity Protection for all current and new consumer clients.
Nordstrom recently announced that employee names, Social Security numbers, birth dates, bank account numbers, salaries and other information were breached by a contractor. Customer data was not affected in the breach, which took place on October 9th, and there has been no evidence yet that the information has been used inappropriately. Authorities are investigating, and the vulnerabilities that led to the breach have been closed. Nordstrom immediately notified its employees about the breach and has been commended for its transparency.
Chicago Public Schools (CPS) had to deal with a fired employee who allegedly stole the personal information of approximately 70,000 people in the CPS database. This included personal information about employees, volunteers and others, including names, employee ID numbers, phone numbers, addresses, birth dates, criminal histories and other records. After copying the information, the former employee then allegedly deleted the database from CPS’s systems.
The Coca-Cola Company announced that a disgruntled former employee was found with worker data on a personal hard drive. This affected approximately 8,000 employees, although law enforcement officials did not think the information was used to commit identity theft.
Tesla experienced a data breach from a trusted employee. In order to access the data, the employee created several false usernames inside Tesla’s main production OS. In addition to changing actual master data, he then exported massive amounts of sensitive data to third parties. This was all in retaliation because he simply missed a job promotion.
When employee data is stolen, it can be a goldmine for hackers. Using the Coca-Cola breach as an example, attackers can use the information to pretend to be any of the 8,000 employees whose information was breached. This could span countless departments, from human resources and procurement to accounts payable and operations. Now think about all of the critical data that’s stored in those systems, such as SAP Ariba, Workday, SAP SuccessFactors, your ERP systems, and more.
It’s clear that organizations need to put even stronger controls in place to prevent and detect the internal threat. Pathlock’s ResQ solution provides Firefighting capabilities to manage privileged users and automated emergency access while providing complete audit trails of activity and generating access alerts to internal threats.