BreachExchange mailing list archives
South Korean data breach linked to an insider
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 20 Jan 2014 18:09:06 -0700
http://www.computerweekly.com/news/2240212797/South-Korean-data-breach-linked-to-an-insider

An employee at a credit ratings firm in South Korea is alleged to have sold the personal details of up to 20 million South Koreans to marketing firms in a classic example of the insider threat.

A temporary consultant at the Korea Credit Bureau (KCB) has been accused of stealing sensitive customer information from its servers – including names, social security numbers and credit card details – according to a statement from the Korean Financial Supervisory Service (FSS).

The information was taken from the internal servers of KB Kookmin Card, Lotte Card and NH Nonghyup Card. Regulators have launched investigations into security measures at the affected firms, the FSS said.

“The vast potential damage that can be caused by an abuse of internal user privileges has been seen time and time again,” said Matt Middleton-Leal, regional director, UK & Ireland at security firm CyberArk.

He said organisations routinely grant powerful privileged accounts and credentials to their employees and contractors, but this leaves them vulnerable if they do not have proper control and monitoring capabilities.

“In the case of the alleged breach in South Korea, the fact that the individual was reportedly able to access and then sell on vast quantities of customer information is very worrying,” said Middleton-Leal. “It should not be the case that an employee – and in this case a temporary consultant – is able to access and then download sensitive data without this suspicious activity being flagged up.”

Middleton-Leal said that, while this appears to be a classic example of the "insider threat", the threat from within can include the accidental misuse of privileged access. It can also include the abuse of these privileged accounts by cyber attackers, who immediately seek out these credentials once inside a corporate network in order to steal information or plant malware.

“A breach of customer data can spell disaster for a business, due to the loss of customer confidence, revenue and the possibility of severe financial penalties,” said Middleton-Leal.

Business risk

Keith Bird, Check Point’s UK managing director, said data leaks by employees or trusted partners are still one of the biggest risks facing companies.

“In 2013, our data loss prevention survey found that 52% of knowledge workers regularly risk accidental breaches with unsafe computing practices, such as sending emails to wrong addresses, or using unencrypted USB sticks," said Bird.

“So if a trusted person chooses to harvest and leak a large amount of data, the damage can be severe, in terms of remediation costs, fines from regulators and loss of reputation. Trust is a precious commodity, and it is all too easily exploited.”

Rob Cotton, chief executive at information assurance firm NCC Group said this breach demonstrates the threat that an employee poses, no matter how robust an organisation’s internet facing security is.

"A robust organisational security posture is a blend of staff vetting, technical countermeasures, separation of duty and monitoring for egregious abuse of access legitimate or otherwise," said Cotton.

“Only by taking this blended approach can organisations hope to detect and minimise the impact from such attacks.”

According to Cotton, stopping motivated malicious employees is almost impossible while still continuing to benefit from the efficiency gains seen by the use of computing resources.

“As a result, it becomes a matter of risk minimisation, through the use of holistic countermeasures, such as keeping administrative privileges to a minimum,” he said.