Insider Threats – Are They Just Human Nature?

This week’s culprit of data misuse: Telstra, Australia’s leading telecommunications and information services company. It was reported that personal and account details of approximately one million customers were available on the Web – in plain sight for any Internet browser to see. While the mess is being called inadvertent, the potential damage to customers is the same, regardless if the breach was an accident. On the other end of the spectrum from accidental insiders are intentionally malicious insiders. Even U.S. government entities are falling victim to these types of insider attacks. According to a recent CSO article, two employees at New Jersey Motor Vehicle Commission have been charged with identity theft after allegedly using their insider credentials to obtain personal identifiable information (name, addresses, social security numbers and dates of birth) of unsuspecting residents. And also take into account that the Ponemon Institute along with HP just released a global survey titled “The Insecurity of Privileged Users” indicating that organizations continue to give too much user access to sensitive data. What a shock! The survey indicates that more than 60 percent of participants reported that privileged users access sensitive or confidential data out of curiosity, not job function. Human nature sometimes gets the best of us, and that should be reason enough for companies to make implementing least privilege a high priority.