Last week was a crazy busy week when it comes to data security news. I was out of town and mostly off the grid, and was surprised to see just how much happened while I was not paying a lot of attention. There was the Dyre malware attack on the business cloud, in particular Salesforce.com, and the announcement of the Gmail password breach. (If you are concerned about whether or not your Gmail account was compromised, you can check here.) Apple revealed its latest iPhones, which you just know are going to provide future security concerns. Plus, I received all kinds of interesting reports and studies that you’ll be hearing about in future blogs.
So as I sat down today to put together a blog post for you, I had a lot of things I could have talked about. But after several cups of coffee and some serious contemplation, I decided to discuss the Saks Fifth Avenue attack. Companies can learn very important lessons from this breach, because it shows the dangers of rogue employees and insider threats.
I saw the headline about the story on Retail Dive that was spot on: “Saks credit card fraud not a cyberbreach.” And it wasn’t, at least not in the sense of what we have come to think of as a breach—an outsider attacking the network in order to steal data with financial worth. But it was a breach of customer data. Only this time it came from the inside, which I don’t think most businesses have considered as a real potential issue just yet.
A recent survey from SpectorSoft found that 75 percent of IT departments don’t have the ability to detail the human behavioral activities of an insider threat, 59 percent don’t have the capabilities to detect an insider threat and 61 percent said they can’t deter one.
As eSecurity Planet pointed out, it took four months for Saks to discover that employees were using credit card data to ring up $400,000 worth of purchases. The insider threat isn’t going to get any better, Paul Trulove, vice president of product marketing for SailPoint, told me in an email, because there is no easy solution for protecting organizations from an attack like this one. It requires a coordinated defense involving people, processes and tools. He added:
The insider threat remains very real across all types of organizations. Simply educating employees on corporate data policies and what is and what is not appropriate is not enough. Companies must institute preventive and detective controls to help safeguard data to keep their organization and their customers safe.
One possible approach to defending against insider attacks is implementing identity and access management (IAM) solutions that provide a centralized view into an organization’s identity data and help to limit and control employee access to sensitive data and applications.
Companies today must realize that insider threats are real, and they must be guarded against. Finding out that the majority of companies don’t have ways to detect or deter insider threats is alarming. I am hoping that the Saks news is a wake-up call to the enterprise that we have to worry just as much about what’s happening on the inside as we do about watching for attacks coming from the outside.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba