The insider threat phenomenon worries companies: Shopify fires employees accused of data theft.

The incident dates back to 15 September, but the news has only just surfaced: two employees of IT giant Shopify have been accused of stealing data from over 100 online shops, possibly also compromising the personal information of every customer who shopped at the eCommerce stores affected by the data breach. The company, which specialises in eCommerce and counts customers of the calibre of Tesla, responded immediately by firing the two employees and actively cooperating with the FBI in its investigation of the incident.

It also made clear that this data breach was not the result of a system vulnerability and that most of its clients were not affected.

A standard press release, but the fact remains that for the shops involved in the illegal exfiltration of data by the two employees, it remains in doubt whether consumer data, including email addresses, names, postal addresses and other relevant information, has been compromised.

Shopify also made it clear that credit card information and other sensitive personal financial information were not part of the stolen data bundle.

This case, relevant though it is, is further evidence that in order to defend ourselves against the threat of data breaches, we often have to look within our own organisation. We are talking about Insider Threats.

Error or malice?

Of course, not all insider incidents are as intentional as the Shopify case: many employees who put company data at risk don’t know they’re doing it, yet such incidents are becoming increasingly common as employees rely on unauthorised cloud applications and access company data from a wide variety of networks.

In fact, there are some factors that are exacerbating the situation and increasing the risk out of all proportion. Just think of the growth in the use of collaboration and sharing tools such as Slack, Teams, OneDrive and Dropbox, which saw a real surge during the pandemic.

Statistical data tells us that the most popular file sharing tools are email (34%), Microsoft SharePoint (26%), OneDrive (23%) and Google Drive (19%).

While the most used unauthorised platforms for sharing files with colleagues are WhatsApp (34%), Google Drive (30%), Facebook (29%) and personal email (29%).

To put this data into context, nearly 40% of employees use unauthorised apps on a daily basis – and 26% use them weekly – to share files with colleagues.

Another factor was certainly the expansion of remote working (“Smart Working”). COVID-19 has forced many employees to work in makeshift offices, and many also work from cafes, restaurants and outdoor spaces.

And it goes without saying that the network defences typical of a corporate perimeter cannot intervene there.

The problem is exacerbated by the tendency of employees, especially young people, to stay in an organisation for less time. Employees who do not plan to stay in the company for a long period of time are not so loyal and do not think twice about taking sensitive data outside the company network.

It should come as no surprise, therefore, that a survey carried out by Code42 found that 63% of employees who admit to having taken data from a previous job to a new job are repeat offenders. And these are just those who have admitted the fact.

Often, people who misappropriate sensitive data do not believe they are wrong and do not act with “criminal” intent. Few Insider Threats are really “nefarious”.

Some simply believe that they are “rightfully” in possession of the work they produced at a particular organisation – even if it actually belongs to their employer – and exfiltrate the information with the aim of taking it elsewhere, feeling authorised to do so.

A full picture of employee activity is required to determine whether someone is a malicious insider, but there are some clear signs that may point security teams to suspicious activity.

A common tactic is to modify file extensions to make a file appear like a picture or song, in an attempt to circumvent detection by security systems and transfer company documents to a personal account.

Exfiltration of files in different formats, or especially in large quantities, could indicate an insider threat.
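The two indicators above (a document renamed to look like a picture or song, and unusual volume or variety of files moved to a personal destination) can be checked mechanically. The following Python is an added example written for this article, not code from the article or from Shopify; it assumes a constructed list of file-transfer records that carry the first bytes of each file, and compares those bytes with the claimed extension.

```python
from collections import defaultdict

# Leading bytes ("magic numbers") of file types an insider might imitate or hide.
# OOXML Office files (docx/xlsx/pptx) are ZIP containers and share one signature.
SIGNATURES = [(b"\x89PNG\r\n\x1a\n", "png"), (b"\xff\xd8\xff", "jpg"), (b"ID3", "mp3"),
              (b"%PDF", "pdf"), (b"PK\x03\x04", "office-zip")]
# Extensions that legitimately carry each detected content type.
ALLOWED = {"png": {"png"}, "jpg": {"jpg", "jpeg"}, "mp3": {"mp3"}, "pdf": {"pdf"},
           "office-zip": {"docx", "xlsx", "pptx", "zip"}}

def content_type(head):
    """Type implied by the first bytes of a file, or 'unknown' if nothing matches."""
    for sig, kind in SIGNATURES:
        if head.startswith(sig):
            return kind
    return "unknown"

def extension_mismatches(records):
    """(user, filename, claimed_ext, real_type) for files whose bytes contradict their
    extension, e.g. a PDF or Word document renamed to .jpg or .mp3."""
    hits = []
    for user, name, _size, head in records:
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        kind = content_type(head)
        if kind != "unknown" and ext not in ALLOWED[kind]:
            hits.append((user, name, ext, kind))
    return hits

def bulk_movers(records, max_files=3, max_types=2):
    """Users who moved more than max_files files, or more than max_types distinct
    real content types, to a personal destination (volume and variety indicators)."""
    stats = defaultdict(lambda: [0, set()])
    for user, _name, _size, head in records:
        stats[user][0] += 1
        stats[user][1].add(content_type(head))
    return sorted(u for u, (n, kinds) in stats.items()
                  if n > max_files or len(kinds) > max_types)

# Constructed sample transfers (user, filename, size, first bytes of content); invented
# for this example, not records from the article or from Shopify.
SAMPLE = [
    ("alice", "holiday.jpg", 3_200_000, b"%PDF-1.7\n"),          # PDF disguised as a photo
    ("alice", "track01.mp3", 800_000, b"PK\x03\x04\x14\x00"),    # Word file disguised as a song
    ("bob", "photo.png", 120_000, b"\x89PNG\r\n\x1a\n\x00"),     # genuine image
    ("carol", "q3.xlsx", 900_000, b"PK\x03\x04\x14\x00"),        # genuine spreadsheet
    ("carol", "q3.pdf", 400_000, b"%PDF-1.4\n"),
    ("carol", "logo.png", 50_000, b"\x89PNG\r\n\x1a\n"),
    ("carol", "song.mp3", 70_000, b"ID3\x03\x00"),               # 4 files, 4 types: bulk + variety
]
```

Run against SAMPLE, `extension_mismatches` reports alice's two renamed documents and `bulk_movers` reports carol; in practice the thresholds would be tuned per role and combined with the notice-period indicator discussed below.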

Even people working outside office hours have historically been cited as a clear indicator of insider activity, a paradigm that is still valid from a certain point of view.

Risk indicator no. 1? When someone gives notice. A person who resigns has usually already taken the data they wanted a week earlier.

And once they leave, most former employers never contact them again.

Code42 figures show that 87% of employees say that companies have not checked whether they took the data when they left the organisation.

How to contain the phenomenon – Containing such a complex phenomenon can be difficult, given the technological, but above all human, nature of the problem. Here are the steps to ensure maximum resilience:

Periodic risk assessment – It is strongly recommended to carry out a thorough risk assessment, including vulnerability assessment, penetration testing and network scanning.

Security awareness training for all employees – All employees of an organisation must understand that security policies and procedures exist and that there is a good reason for them. They must be enforced, and there can be serious consequences for breaches.

Monitoring potentially suspicious behaviour and actions – In addition to monitoring online actions, organisations should carefully monitor other suspicious or disruptive behaviour by employees in the workplace. Policies and procedures should be in place for employees to report such behaviour when they observe it in colleagues, with the necessary follow-up by management.

Immediately terminate all access when an employment relationship is terminated – When an employment relationship is terminated, whether circumstances are favorable or not, it is important that the organization has a strict termination of employment procedure in place that disables all employee access points to the organization’s physical locations, networks, systems, applications and data.

Collect and save data for use in investigations – In the event of an attack by an insider, it is important that the organisation has evidence in hand to identify the insider, which must of course be collected in accordance with data protection legislation.

As always, the motto remains: Don’t let your guard down!

SOURCE: FEDERPRIVACY
