The Impact of Insider Threats – The South Korea Episode.
In Layman’s Terms, What Happened?
At the center of the story is an employee who was working as a software engineer for three credit card companies. Over the course of a year and a half, this employee copied data from corporate servers to his personal drive. What makes this story particularly interesting is that the software engineer was writing anti-fraud software for the firms he worked for at the same time that he was stealing data.
Business Impact? You Bet!
According to Bloomberg, 27 executives resigned following this incident, including bank CEOs and other senior management. Over half a million credit card users have already asked for new credit cards with many more to come. Perhaps the most significant impact is on the brand of the affected companies. Some companies never recover from the brand damage caused by such a massive security breach.
There are opportunities to prevent this sort of breach. Auditing and a properly deployed behavior alerting system could and should have flagged abnormal behavior from a user with privileged access. In this case, a software engineer who needed access to perform his job was copying massive amounts of data over time. From a security standpoint, a simple “rule” that alerts IT when a user accesses massive amounts of sensitive data over time would have caught him in the act.
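One way to express the rule described above, as an added example that is not from the original article: a rolling-window total of sensitive records read per user, contrasted with a per-access size limit that slow, steady copying never trips. The audit record format, user names, 30-day window and thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def per_event_alerts(events, limit):
    """Naive rule: flag any single access larger than `limit` rows."""
    return [(ts, user, rows) for ts, user, rows in events if rows > limit]

def cumulative_alerts(events, window, threshold):
    """Flag a user when rows read within a rolling `window` reach `threshold`.

    events: iterable of (timestamp, user, rows), sorted by timestamp.
    Returns one (timestamp, user, window_total) per threshold crossing.
    """
    recent = defaultdict(deque)   # user -> (timestamp, rows) still in window
    totals = defaultdict(int)     # user -> sum of rows in window
    alerting = set()              # users currently above threshold
    alerts = []
    for ts, user, rows in events:
        q = recent[user]
        q.append((ts, rows))
        totals[user] += rows
        # Expire records that have aged out of the window.
        while q and q[0][0] <= ts - window:
            totals[user] -= q.popleft()[1]
        if totals[user] >= threshold:
            if user not in alerting:      # alert once per crossing
                alerting.add(user)
                alerts.append((ts, user, totals[user]))
        else:
            alerting.discard(user)
    return alerts

def sample_events():
    """Constructed audit records; users, volumes and dates are made up."""
    start = datetime(2024, 1, 1)
    events = []
    for day in range(60):
        ts = start + timedelta(days=day)
        events.append((ts, "eng_a", 4_000))      # steady, modest daily copying
        events.append((ts, "analyst_b", 500))    # ordinary workload
    return events

if __name__ == "__main__":
    evts = sample_events()
    print("per-event rule:", per_event_alerts(evts, limit=50_000))
    for ts, user, total in cumulative_alerts(evts, timedelta(days=30), 100_000):
        print(f"rolling rule: {user} read {total} rows in 30 days as of {ts:%Y-%m-%d}")
```

In practice the threshold would be set per role from a baseline of normal access, since a privileged engineer's legitimate volume differs from an analyst's.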