Last week’s Medicare number leak is a prime example of what can happen when an employee or other trusted party with systems access turns rogue. In truth, if just 80 or so Medicare numbers have been purchased, as has been widely reported, then Medicare has got off lightly. But how big a deal are internal threats? And can we do anything about them?
Depending on the report, insider threats – breaches or data leaks caused by internal staff who abuse access privileges – account for anywhere between 40% and 70% of reported breaches. That makes them a serious issue, and one that is often neglected in security policies and procedures.
In other words – they’re a big deal.
The first step is putting internal controls in place, such as logging access to sensitive data and looking for anomalous behaviours. People trying to access systems they don’t need to use, or data moving through unusual network routes, are telltale signs that an internal actor is either intentionally or accidentally acting like a bad guy.
It’s also important to create internal segregation in the network so people can’t move laterally between systems to gain unauthorised access.
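As an added illustration (not part of the original article), the sketch below applies the access-logging idea above to a small log: it flags people touching systems outside their role, and reads far above a user's own baseline. The role map, log format, thresholds and sample log lines are all constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Assumed entitlements: the systems each role needs for its job.
ROLE_SYSTEMS = {"claims": {"claims-db"}, "helpdesk": {"ticketing", "directory"}}
USER_ROLE = {"alice": "claims", "bob": "helpdesk"}

# Constructed sample access log: timestamp, user, system, records read.
SAMPLE_LOG = """\
2024-03-04T09:02:11 alice claims-db 12
2024-03-04T09:40:03 bob ticketing 3
2024-03-04T10:15:47 bob claims-db 1
2024-03-04T10:16:02 bob claims-db 85
2024-03-05T09:05:30 alice claims-db 9
2024-03-05T23:48:19 alice claims-db 640
"""


def find_alerts(log_text, volume_factor=10, min_history=2):
    """Return (timestamp, user, system, reason) tuples for suspicious events."""
    history = defaultdict(list)  # (user, system) -> earlier normal read counts
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, system, count = line.split()
        count = int(count)

        # Rule 1: access to a system the user's role does not need.
        # Users with no known role are entitled to nothing.
        allowed = ROLE_SYSTEMS.get(USER_ROLE.get(user), set())
        if system not in allowed:
            alerts.append((ts, user, system, "outside-role"))

        # Rule 2: a read far larger than this user's own baseline on this system.
        past = history[(user, system)]
        if len(past) >= min_history and count > volume_factor * median(past):
            alerts.append((ts, user, system, "unusual-volume"))
        else:
            past.append(count)  # keep flagged spikes out of the baseline
    return alerts


if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_LOG):
        print(*alert)
```

Rule 1 only works if the entitlement map reflects what each role actually needs, which is the same least-privilege inventory that network segregation depends on.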
Those things are easier said than done, but if internal actors are responsible for such a large proportion of data breaches, then it’s clear we need to have appropriate protections in place.