The recent insider attack at T-Mobile, in which an employee stole the personal details of thousands of mobile phone customers that were then sold to its competitors, is the biggest data breach of its kind, according to the Guardian.
This breach isn’t shocking given that the threat environment has seen a massive uptick in recent weeks. Malicious insiders are the root cause of approximately 75% of all breaches. Especially in the still-dire economy, people are disgruntled and looking to capitalize on the sensitive enterprise data that they may have access to.
What’s compelling is that the breach put T-Mobile’s customer information directly in the hands of its competitors in the UK. Those competitors now know when customer contracts are expiring, so there is a major risk of lost revenue.
Customer info being leaked to competitors is bad, but what’s perhaps scarier, though it’s probably too early to tell, is that the potential for fraudulent activity is likely very high. So now T-Mobile is going to have to undertake a massive effort, at a massive cost, to somehow curb the effect of this breach.
Is there a silver bullet to stop data loss on such a large scale? Well, a few things have to be considered. First, a regular, thorough review of access controls on the database is critical to maintaining a protected DBMS environment, and to passing database audits.
Second, there is something to be said for knowing what those with access are up to. Database activity monitoring would have alerted administrators that inappropriate activity was happening, which in turn would have allowed administrators and management to take corrective action immediately.
IOUG also reported a 50% increase in breaches from 2007 to 2008, and that about 35% of organizations have their databases configured securely. With only one in four databases protected, clearly, this is an enormous issue, and possibly one that contributed to this breach, although it seems a number of factors were involved.
Organizations really have to look at database security, risk and compliance as an ongoing, continuous and business-critical process that doesn't start when you are breached. It needs to be driven by the security organization together with management. We wish them luck and hope they call us to help!
