Amazon has fired employees responsible for a customer data leak. Twitter has been abuzz, as it is unknown how widespread the breach is and how many customers have been affected. The email Amazon sent to affected customers reads as follows:
“We are writing to let you know that your e-mail address was disclosed by an Amazon employee to a third-party in violation of our policies. As a result, we have fired the employee, referred them to law enforcement, and are supporting law enforcement’s criminal prosecution.”
“No other information related to your account was shared. This is not a result of anything you have done and there is no need for you to take any action. We apologize for this incident.”
Did anyone else get a weird email from @Amazon about this data breach or was I just targeted solo? pic.twitter.com/xTsXG9zsZA
— Zain Jaffer (@zainjaffer) October 24, 2020
It is critical for businesses to recognise that threats from legitimate users have always been more elusive and harder to detect or prevent than traditional external threats. Though the extent of the leak is currently unknown, a number of Amazon customers have been notified that their email addresses were passed on to a third party by an employee, resulting in that employee's termination. Organisations must be armed with the tools to stop threats that originate within their own walls.
A combination of training, organisational alignment, and technology is the right approach to stopping insider threats. Behavioural analytics technology that tracks, collects and analyses user and machine data to detect threats within an organisation is essential because it distinguishes anomalous behaviour from normal behaviour. This is typically done by collecting data over a period of time to understand what normal user behaviour looks like, then flagging behaviour that does not fit that pattern. It can often spot unusual online behaviours – credential abuse, unusual access patterns, large data uploads – that are telltale signs of insider threats. More importantly, it can often spot these unusual behaviours among compromised insiders long before criminals have gained access to critical systems.
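The baseline-then-flag approach described above, as an added example that is not part of the original article: each user's daily count of customer records read is baselined, and today's counts are scored against that baseline. The log data, the `MIN_DAYS` and `Z_THRESHOLD` values and the function names are constructed assumptions; users with too little history are reported separately instead of being scored.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample data: (user, day, customer records read that day).
HISTORY = [
    ("alice", d, n) for d, n in enumerate([40, 52, 47, 38, 55, 44, 49, 51, 43, 46])
] + [
    ("bob", d, n) for d, n in enumerate([5, 7, 6, 5, 8, 6, 7, 5, 6, 7])
] + [
    ("carol", 0, 30), ("carol", 1, 28),  # new joiner: too little history
]
TODAY = [("alice", 58), ("bob", 950), ("carol", 400), ("dave", 12)]

MIN_DAYS = 7        # assumed minimum history before a baseline is trusted
Z_THRESHOLD = 4.0   # assumed alerting threshold, tune per environment


def build_baselines(history, min_days=MIN_DAYS):
    """Return {user: (mean, stdev)} for users with enough history."""
    per_user = defaultdict(list)
    for user, _day, count in history:
        per_user[user].append(count)
    baselines = {}
    for user, counts in per_user.items():
        if len(counts) >= min_days:
            # Floor the deviation so a perfectly flat history cannot
            # cause division by zero or alert on a one-record change.
            baselines[user] = (mean(counts), max(pstdev(counts), 1.0))
    return baselines


def score(observations, baselines, threshold=Z_THRESHOLD):
    """Classify each (user, count) as 'normal', 'anomalous' or 'no_baseline'."""
    results = {}
    for user, count in observations:
        if user not in baselines:
            # No trusted baseline: surface for review, do not guess.
            results[user] = ("no_baseline", None)
            continue
        mu, sigma = baselines[user]
        z = (count - mu) / sigma
        results[user] = ("anomalous" if z > threshold else "normal", round(z, 1))
    return results


if __name__ == "__main__":
    for user, (verdict, z) in score(TODAY, build_baselines(HISTORY)).items():
        print(f"{user:6} {verdict:12} z={z}")
```

Only increases above the baseline are flagged here, since the signal of interest is unusually large access; a production system would combine several such features and not rely on a single count.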
A recent Bitglass study found that 73% of organisations believed insider attacks had become more frequent over the past year. Cloud adoption and bring your own device (BYOD) policies have improved businesses’ agility, but have also made sensitive data more accessible, presenting a significant IT security challenge.
Unfortunately, in cloud-based IT environments, organisations often struggle to detect anomalous or careless employee behaviours. As such, many must revise their approaches to data protection. By understanding modern threats and deploying appropriate security solutions, many of these risks can be mitigated and even eliminated.
Insider-driven attacks, whether malicious or unintentional, are the hardest nut to crack because they involve the abuse of valid access. For security analysts, spotting security incidents arising from within their company, which is arguably their own customer base, is particularly tricky because the attacker may have legitimate access.
If the credentials being input are valid, the same alarms are not raised as when an unauthorised user attempts entry from the outside. Deploying data-aware cybersecurity solutions removes the risks around the insider threat because even if an adversary has legitimate access to data, they are prevented from copying, moving or deleting it. What’s important when it comes to insiders, in whatever guise, is to be able to detect malicious or suspicious activity and produce real-time, priority alerts that analysts know must be addressed immediately.