Every week, and in some instances daily, large companies endure data breaches. Consumers suffer at the hands of companies they trusted with their personal data because the consequences are not severe enough for companies to implement the appropriate security controls that would minimize risk.
Cyber-attacks are often the result of employees and other insiders, and planning for them requires prevention methods to be implemented. Least privilege should be implemented for employees of all organizations, as they have access to proprietary systems. Often these individuals may bypass security measures through genuine access. Because of the complexity of each role and its access, their characteristics differ.
Trend Micro Discloses Insider Threat
We recently became aware of a security incident that resulted in the unauthorized disclosure of some personal data of an isolated number of customers of our consumer product. We immediately started investigating the situation and found that this was the result of a malicious insider threat. The suspect was a Trend Micro employee who improperly accessed the data with a clear criminal intent. We immediately began taking the actions necessary to ensure that no additional data could be improperly accessed, and have involved law enforcement.
Our open investigation has confirmed that this was not an external hack, but rather the work of a malicious internal source that engaged in a premeditated infiltration scheme to bypass our sophisticated controls.
In early August 2019, Trend Micro became aware that some of our consumer customers running our home security solution had been receiving scam calls by criminals impersonating Trend Micro support personnel. The information that the criminals reportedly possessed in these scam calls led us to suspect a coordinated attack.
Although we immediately launched a thorough investigation, it was not until the end of October 2019 that we were able to definitively conclude that it was an insider threat. A Trend Micro employee used fraudulent means to gain access to a customer support database that contained names, email addresses, Trend Micro support ticket numbers, and in some instances telephone numbers. There are no indications that any other information such as financial or credit payment information was involved, or that any data from our business or government customers was improperly accessed.
Our investigation revealed that this employee sold the stolen information to a currently unknown third-party malicious actor. We took swift action to contain the situation, including immediately disabling the unauthorized account access and terminating the employee in question, and we are continuing to work with law enforcement on an ongoing investigation.
Five best practices that should be used in the creation of your Insider Program:
Know and protect your critical assets
Develop a formalized insider threat program
Deploy solutions for monitoring employees' actions and correlating information from multiple data sources
Clearly document and consistently enforce policies and controls
Incorporate malicious and unintentional insider threat awareness into periodic security training for all employees
The basic function of an insider threat program is to protect the assets that provide your organization with a competitive advantage.