The massive data breach in South Korea is the latest attack resulting from a rogue insider. The breach is reported to have affected over 40 percent of the country's population when a temporary worker stole the unencrypted details on a USB stick, and then sold these on to marketing companies.
The data included customer names, and credit card data of around 20 million credit card records. Investigations are underway into the security measures of the firms in question.
Paul Kenyon, co-founder and EVP of global sales at Avecto said: "This is a devastating cyber attack caused by someone on the inside. Organisations can invest a huge amount in protecting their networks and data from outside attacks, but those defences will mean little when there's a rogue employee with an agenda."
"It's difficult to defend against the insider threat but there are steps that can be taken. Enforcing strong administrative rights across the entire organisation can go a long way to minimising the risk. In this specific case it's unclear if the accused employee warranted access to this sensitive data, but effective privilege management can ensure that high-level access is only granted to those who need it, on a case-by-case basis".
An IT contractor has been arrested over the theft of the data whilst three senior execs have offered to resign over the incident, according to reports.
