City of London Police have confirmed that they have made an arrest in connection with the recent Sage data breach.
On Monday 15, a 32-year-old Sage employee was arrested at Heathrow on suspicion of conspiracy to defraud. The arrest adds weight to the belief that the data breach was the work of an insider, as opposed to an external hacker. The suspect has now been bailed.
The data breach targeting Sage potentially compromised the information of between 200 and 300 business customers, with investigations ongoing into whether the data was stolen or merely viewed.
Insider threats continue to be one of the biggest cyber security threats facing businesses today, with many experts calling employees the weak link in the cyber security chain. The insider threat is hard to anticipate and difficult to detect, as privileged and trusted employees can gain access with ease.
Sage may have had all the right cyber security policies and technology deployed but, as Tom Spier of IDT911 told CBR, an employee can easily side-step these measures.
“It’s hard to point a finger to Sage saying they didn’t employ all the right measures – perhaps they did. The tough part about an insider threat is that sometimes it truly can’t be stopped. Organizations should look to implement a strong cyber strategy that includes ongoing education and a solid cyber insurance policy.”
Due to ongoing investigations, it is hard to know the motivations of the culprit in this breach. An insider threat can fall into one of three categories – malicious, negligent or compromised. A malicious insider takes the form of a disgruntled worker, one who is acting out of revenge or to sell data for profit. Explaining negligent and compromised insiders, Imperva’s Morgan Gerhart said:
“Negligent insiders jeopardize sensitive data by innocent mistakes or bad practices. These usually boil down to misconfigured servers (where default admin password may exist), backups or test servers that contain sensitive information but are not protected like production servers, or simply taking your work home – for example saving corporate data on personal devices or cloud services.
“Last, but not least, is the “classic” compromised insider, where hackers compromise corporate or private assets that have internal access to the network (such as mobile phones, laptops and desktops). Once an attacker has access to internal resources, it’s only a matter of time before he gains access to sensitive data.”