BreachExchange mailing list archives

South Korean data breach linked to an insider


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 20 Jan 2014 18:09:06 -0700

http://www.computerweekly.com/news/2240212797/South-Korean-data-breach-linked-to-an-insider

An employee at a credit ratings firm in South Korea is alleged to have sold
the personal details of up to 20 million South Koreans to marketing firms
in a classic example of the insider threat.

A temporary consultant at the Korea Credit Bureau (KCB) has been accused of
stealing sensitive customer information from its servers – including names,
social security numbers and credit card details – according to a statement
from the Korean Financial Supervisory Service (FSS).

The information was taken from the internal servers of KB Kookmin Card,
Lotte Card and NH Nonghyup Card. Regulators have launched investigations
into security measures at the affected firms, the FSS said.

“The vast potential damage that can be caused by an abuse of internal user
privileges has been seen time and time again,” said Matt Middleton-Leal,
regional director, UK & Ireland at security firm CyberArk.

He said organisations routinely grant powerful privileged accounts and
credentials to their employees and contractors, but this leaves them
vulnerable if they do not have proper control and monitoring capabilities.

“In the case of the alleged breach in South Korea, the fact that the
individual was reportedly able to access and then sell on vast quantities
of customer information is very worrying,” said Middleton-Leal.

“It should not be the case that an employee – and in this case a temporary
consultant – is able to access and then download sensitive data without
this suspicious activity being flagged up.”

Middleton-Leal said that, while this appears to be a classic example of the
"insider threat", the threat from within can include the accidental misuse
of privileged access.

It can also include the abuse of these privileged accounts by cyber
attackers, who immediately seek out these credentials once inside a
corporate network in order to steal information or plant malware.

“A breach of customer data can spell disaster for a business, due to the
loss of customer confidence, revenue and the possibility of severe
financial penalties,” said Middleton-Leal.

Business risk

Keith Bird, Check Point’s UK managing director, said data leaks by
employees or trusted partners are still one of the biggest risks facing
companies.

“In 2013, our data loss prevention survey found that 52% of knowledge
workers regularly risk accidental breaches with unsafe computing practices,
such as sending emails to wrong addresses, or using unencrypted USB
sticks,” said Bird.

“So if a trusted person chooses to harvest and leak a large amount of data,
the damage can be severe, in terms of remediation costs, fines from
regulators and loss of reputation. Trust is a precious commodity, and it is
all too easily exploited.”

Rob Cotton, chief executive at information assurance firm NCC Group, said
this breach demonstrates the threat that an employee poses, no matter how
robust an organisation’s internet-facing security is.

"A robust organisational security posture is a blend of staff vetting,
technical countermeasures, separation of duty and monitoring for egregious
abuse of access, legitimate or otherwise," said Cotton.

“Only by taking this blended approach can organisations hope to detect and
minimise the impact from such attacks.”

According to Cotton, stopping motivated malicious employees is almost
impossible while still continuing to benefit from the efficiency gains seen
by the use of computing resources.

“As a result, it becomes a matter of risk minimisation, through the use of
holistic countermeasures, such as keeping administrative privileges to a
minimum,” he said.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
