Details are emerging about an insider breach that exposed AT&T customer information http://threatpost.com/att-hit-by-insider-breach/108705.
Featured Download: CISO Data Breach Guide
Here to comment is Jonathan Sander, strategy & research officer for STEALTHbits Technologies:
“Insiders are worse than hackers because there’s no truly effective way to protect against them. If you need to do business, you need people to access information. If the wrong person or the person in the wrong frame of mind decides to use that access badly, what can you do?
“Here AT&T talks about their ‘strict privacy and security guidelines,’ and I believe completely that they have those guidelines. Every responsible company does. Guidelines like that, though, are not things one can enforce.
“This proves, yet again, that humans are the weakest link in any security plan. It’s the old IT administrator joke about a system error called PEBKAC – Problem Exists Between Keyboard And Chair.
“The other thing this reveals is one reason why hackers make headlines more often than insiders. When a hacker comes through and does a ‘smash-and-grab,’ it’s hard to know what they touched. When an insider does something bad, unless they are a super stealth type like Snowden, you will likely be able to find their tracks. So the notification is like this one – quieter, more individual. But for every hacker, there are a hundred insiders with access that can do harm. It makes one wonder about where IT security spending is going.”
By Jonathan Sander, Strategy & Research Officer, STEALTHbits Technologies
About STEALTHbits Technologies
Founded in 2001, STEALTHbits has extensive experience and deep expertise in the management of Microsoft technologies like Active Directory and Exchange, and governance solutions for unstructured data. With consistent growth, profitability, and a tenured management team that’s been at it since the start, STEALTHbits has emerged as a favorite solution provider for the world’s largest, most notable organizations, as well as a preferred partner to leaders in technology.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.