It has been reported that an employee from personal credit ratings firm Korea Credit Bureau (KCB) has allegedly been arrested and accused of stealing data from the customers of three credit card firms while working for them as a temporary consultant.
According to the Korean Financial Supervisory Service (FSS) the names, social security numbers and credit card details of 20 million South Koreans, almost half of the population, were copied and stolen. The employee later sold the data to phone marketing companies.
"This looks like a classic example of a failure to control what’s known as ‘privileged users’ on corporate networks," said Paul Ayers, VP EMEA at enterprise data security firm Vormetric.
Privileged users are often short-term contractors who are given network access to perform software installation and system configuration. But they can present a security issue as they also have the ability to read, copy and change company documents and files.
Although specific details of how the temporary employee was able to access and copy this data are not yet available, this incident highlights an ongoing challenge for businesses to ensure that their systems are defended against insider threats.
"The best solution is to limit access so that privileged users can’t actually read or edit the information in data files, but can still move them around as their job requires," advises Ayers.
"Unfortunately the majority of organisations do not yet have this capability and the KCB incident is an example of what can go wrong. [Vormetric’s] research from last October showed that a whopping 73% of organisations fail to block privileged user access to sensitive data. This will likely begin to change as more incidents of insider threat data breaches make headlines, but for now a high level of risk from inside company networks remains."
Matt Middleton-Leal, regional director, UK & Ireland, CyberArk, highlighted similarities with the infamous NSA leak at the hands of privileged user and former CIA contractor, Edward Snowden.
"In the case of the alleged breach in South Korea, the fact that the individual was reportedly able to access and then sell on vast quantities of customer information is very worrying," said Middleton-Leal.
"It is essential for organisations to have a system in place that is capable of managing, monitoring and controlling all privileged access and activity, with the option to terminate a malicious session if necessary. While it would seem that this case is a classic example of the ‘insider threat’ – that is, the malicious abuse of privileged access – the threat from within can also include the accidental misuse of privileged access, or the abuse of these accounts by cyber attackers, who immediately seek out these credentials once inside a corporate network in order to steal information or imbed malware in a system."
"A breach of customer data can spell disaster for a business, due to the loss of customer confidence, revenue and the possibility of severe financial penalties if they are found to have been negligent in the protection of this information. Incidents such as these should therefore provide an ongoing reminder to businesses of the danger of complacency when it comes to the ever-present insider threat," he warned.
