The insider threats have to be accounted for in some form or manner. Although the business would hope this would be an issue, at times still is. In particular, the business owner or senior management should be aware of potential issues. Notable that the insider threat has the potential to be devastating, especially when the insider is acting maliciously.
A recent and unfortunate incident involved SunTrust. One of their former employees in February 2018 to steal an estimated 1.5M client’s data. The prior employee’s intent was to sell this to a third party for criminal uses.
Any data stolen is not a good thing for the institution and the clients. In this case, it could have been much worse. The data stolen was the client’s name, their address, phone number, and account balances. Fortunately, the PII (e.g. social security number, account number, PIN, User ID, password, or driver’s license number).
Although the prior employee did work to copy the data but was not able to remove the data from the bank.
In other insider malicious attacks, these have been worse. The more data that is stolen and exfiltrated, the greater level of potential liability. To alleviate a majority of this potential issue, the businesses should put in place a robust program or set of programs to monitor the user’s behavior. This would act to safeguard the data and report issues in a timely manner.
Resources
E-Hacking News. (2018, April 23). SunTrust bank’s former employee stole details of 1.5 million. Retrieved from http://www.ehackingnews.com/2018/04/suntrust-banks-former-employee-stole.html
Zorz, Z. (2018, April 23). Former SunTrust employee stole data on 1.5 million clients. Retrieved from https://www.helpnetsecurity.com/2018/04/23/suntrust-stolen-data/
No comments:
Post a Comment