Time to Wake Up About the Inside Threat

The inside threat continues to grow at companies with various reports showing the insider is responsible for anywhere between 60% and 80% of breaches. Below are five stories about inside attacks that made the news in 2018:

SunTrust Bank dealt with the internal threat earlier this year when a former employee allegedly stole details of up to 1.5 million clients, including name, address, phone number and certain account balances. Fortunately social security numbers, account numbers, driver’s license numbers, user IDs, and passwords were not exposed. The former employee may have also attempted to share the information with a criminal third party. In order to further protect customers, the bank offered Identity Protection for all current and new consumer clients.

Nordstrom recently announced that employee names, Social Security numbers, birth dates, bank account numbers, salaries and other information was breached by a contractor. Customer data was not affected in the breach that took place on October 9th and there has been no evidence that the information has been used inappropriately yet. Authorities are investigating and the vulnerabilities that led to the breach have been closed. Nordstrom immediately notified its employees about the breach and has been commended for its transparency.

Chicago Public Schools (CPS) had to deal with a fired an employee who allegedly stole the personal information of approximately 70,000 in the CPS database. This included personal information about employees, volunteers and others, including names, employee ID numbers, phone numbers, addresses, birth dates, criminal histories and other records. After copying the information, the former employee then allegedly deleted the database off of CPS’s systems.

The Coca-Cola Company announced that a disgruntled former employee was found with worker data on a personal hard drive. This affected approximately 8,000 employees although law enforcement officials did not think the information was used to commit identity theft.

Tesla experienced a data breach from a trusted employee. In order to access the data, the employee created several false usernames inside Tesla’s main production OS. In addition to changing actual master data, he then exported massive amounts of sensitive data to third parties. This was all in retaliation because he simply missed a job promotion

When employee data is stolen, it can be a goldmine for hackers. Using the Coca Cola breach as an example, they can use the information to pretend to be any of the 8,000 employees whose information was breached. This could span countless departments – from human resources and procurement to accounts payable and operations. Now think about all of the critical data that’s stored in those systems, such as SAP Ariba, Workday, SAP SuccessFactors, your ERP systems, and more.

It’s clear that organizations need to put even stronger controls in place to prevent and detect the internal threat.  Greenlight’s ResQ solution provides Firefighting capabilities to manage privileged users and automated emergency access while providing complete audit trails of activity and generating access alerts to internal threats. Click here to learn more.