Desjardins announced Thursday June 20, 2019 that the private information of around 2.7 million of its clients was leaked by an employee. According to a report from CBC, the employee gained access to much of this data by gaining the trust of their co-workers and leveraging that to gain access to their permissions.
“Not every breach is caused by a malicious nation-state. Insiders account for roughly a third of reported breaches,” said Erlin in an email to IT World Canada. “Organizations need to protect against misuse by authorized individuals in addition to malicious external attackers.”
Outside of these technical solutions, when it comes to an attack fueled by human manipulation via gaining access to co-workers permissions, as this breach is being reported as, there is still a human element that needs to be taken into account when looking to prevent similar catastrophes. It can be as simple as implementing better security training so that employees will not allow themselves to be tricked into giving away any permissions or access codes.
“That whole social engineering is exceptionally common. While the types of security incidents and attacks that we see have increased in their sophistication, that doesn’t mean that the technologies become more elegant. They’re not using some super Jason Bourne or James Bond technology here. They’re just using their wit. And they’re being smart about how they do it. And unfortunately, humans, we are the weakest link in all of this.” This article is from our friends at IT World Canada – written by Buckley Smith @itworldca