We all fantasize about what we’ll do on our last day of work. But few of us will go as far as the Twitter customer support employee who used their last day on the job to deactivate Donald Trump’s account. As far as final working day pranks go, one that makes international headlines is hard to beat.
It’s a stark reminder that businesses often grant employees a huge amount of power and access to valuable information. Such access can easily be abused with malicious (or mischievous) intent. Or it can provide the conditions in which a careless employee can allow sensitive data to be compromised.
To truly protect themselves, businesses must understand the difference between Malicious Threats and Careless Insiders, and how to protect against both.
Careless Insiders are employees who accidentally leak company data, either through some mistake on their part or because their accounts have been hacked without their knowledge.
With employees and third parties getting more and more access to company data, this is becoming a regular occurrence. For example, a lawyer for Wells Fargo accidentally leaked 1.4 gigabytes of confidential client data when sending documents for a defamation lawsuit. And prior to that, the personal information of 36,000 Boeing workers was leaked when an employee accidentally emailed a spreadsheet containing the data to his spouse.
People make mistakes. But when they have access to huge amounts of sensitive information, these mistakes can have potentially disastrous consequences.
And sometimes, as a result of poor security hygiene, employees can give hackers access to company data without even realizing it. Hackers can compromise employee accounts through social engineering, phishing, installing malware, or sometimes, simply guessing a weak password using information gathered from social media.
In these instances, fraudsters can then exploit the privileged access of the user to steal data. These privileged access accounts often sit far outside of the business itself – the infamous Target breach was initiated using the stolen credentials of a small HVAC supplier with access to Target’s systems.
Malicious Threats are employees who deliberately steal or leak company data for personal or financial gain.
Often, this involves employees making off with company data and selling it on the black market, such as when an employee of healthcare firm Bupa stole 108,000 customers’ private information and shared it with a third party. Sometimes the reasons are more personal. A disgruntled senior auditor at UK retailer Morrisons leaked the details of over 100,000 employees after he was cautioned for inappropriate use of the company’s mail room.
Sadly, the Malicious Threat trend is becoming increasingly prevalent. Recent research found that nearly a quarter (24%) of employees have intentionally misused company email accounts to leak confidential information, typically to a competitor or a new employer.
In the light of the growing danger from Malicious Threats and Careless Insiders, there are several tools businesses can use:
Find out more about how to defend against Malicious Threats and Careless Insiders by reading our free whitepaper, Understanding Privileged Identity Theft.