As the fallout from the recent Sage breach continues to rumble on, City of London police have arrested a Sage Group employee on suspicion of fraud.
The 32-year-old female was cuffed at London’s Heathrow airport yesterday in connection with the incident earlier this week, which saw the Newcastle-based software maker suffer what it described as “unauthorized access” to a “small number” of its six million or so UK customers via an internal login. The woman has since been released on bail and investigations are ongoing, police have confirmed.
Sage added:
“Our customers are always our first priority so we are communicating directly with those who may be affected and giving guidance on measures they can take to protect their security.”
This latest breach is just another reminder that the ‘insider threat’ is still a very real risk to companies.
Mark James, security specialist at ESET, explained that one of the weakest links in any organization is the users; you can have as many security features as you like but most of the time someone somewhere needs access to it in one way or another.
“If that user gets compromised or joins the dark side then that data could be at risk. Of course there are lots of things you can do to make it difficult: making sure only some of the network is accessible through segregated access, masking certain stored information to ensure it’s not viewable in its entirety, encrypting the data that’s stored in the databases and of course making sure that every single task or keystroke is audited. But typically your admins will need to access a large chunk of that data to keep it happy and accessible for all. Insider threats are on the up; it’s no longer sufficient to assume your biggest threats are from external attacks.”
Jonathan Sander, VP of product strategy at Lieberman Software, shares a similar view, arguing that the Sage breach goes to show that, despite all the headlines about bad guys trying to break in, there is an ever-present danger from within, too.
“Often firms spend tons of money protecting against outsiders getting in, but fall into the ‘we trust our people’ trap when it comes to insider threat. The trouble with trusting staff is that they're likely worthy of that trust until the moment they become disgruntled – and there's no way to see that moment happen. Every organization must shift to a least trust model for inside security, and even make the goal zero trust. Every scrap of sensitive information should be under a least permission model in files, folders, email systems, and inside applications. Very rigorous process must be applied to IT administrators and the privileged access they have because it can bypass all your strong security if you're not careful.”