Following the news that a former Expedia IT support employee has plead guilty to using his position to access confidential data and facilitate insider trading, Rui Melo Biscaia, Director of Product Management at Watchful Software commented below.
Rui Melo Biscaia, Director of Product Management at Watchful Software:
“This case demonstrates how much damage malicious insiders can cause, especially when armed with a high level of privilege and little oversight.
“The threat of trusted insiders abusing their positions can be greatly reduced by ensuring that confidential files can only be access by the authorised user themselves. Internal support staff that are able to access other users’ machines should only be able to access files and network areas relevant to their current job, rather than having free reign over information that would normally be highly restricted. Classifying and encrypting all confidential files against unauthorised access will also help protect against external attackers that are able to gain control of a system.
“Expedia should also have immediately revoked all access to their systems as soon as the employee left the organisation. Even if the company device is not returned, a remote kill option would allow them to instantly revoke all access at a moment’s notice.”
Most Commented Posts
2020 Cybersecurity Landscape: 100+ Experts’ Predictions
Cyber Security Predictions 2021: Experts’ Responses
Experts’ Responses: Cyber Security Predictions 2023
Celebrating Data Privacy Day – 28th January 2023
Data Privacy Protection Day (Thursday 28th) – Experts Comments
Most Active Commenters
A worrying trend for Australians The Latitude Financial attack clearly…
It is not unusual for companies to keep hold of…
“First of all, it should be praised that Ferrari have…
These findings aren’t very surprising given that unpatched zero-days provide…
These figures from Mandiant highlight how attackers are continuing to…