By now you know the drill - another data breach, more identity theft, more records potentially compromised. MassMutual experienced a database breach of employee information over the weekend through a contracted vendor database.
There's some information that's come to the surface already, and it appears they've been able to curb the damages and take the proactive steps to protect employees.
What this breach underscores is the fact that organizations are still not taking the right steps to protect sensitive, confidential information in a comprehensive way. What also persists to be a major issue is the lack of segregation of duties in the database.
As the unemployment rate hovers around 10% and organizations are still slashing headcount, roles and privileges to data still exist, possibly even if that employee has been let go, has moved on or has been reassigned. When those access controls still exist, organizations are at risk.
Databases contain sensitive information are large, enterprise organizations. 99% of enterprise data exists in some form inside a database. Yet with breach numbers up to 340,102,273 you'd think there would be a massive call to action for organizations who have are facing a radically scaled-up threat environment.
Comments