Multinational Cyber Security And Defence Company Suffers Insider Data Breach

11th November 2019

Cyber security and defence company Trend Micro admits that customer data was stolen and sold by an employee.

The individual was able to access names, email addresses, support ticket numbers, and telephone numbers from the customer-support database. All of this was then sold to a third party. 

Trend Micro said it believed approximately 70,000 of its 12 million customers had been affected.

This security incident dates back to early August 2019, where the company were made aware of customers being contacted by scammers impersonating the Trend Micro support team. 

2019 is on track to be the worst year on record for data breach activity. 

It was not until the end of October when the investigation concluded that the security incident was the result of an insider threat.  

While Trend Micro emphasised that the employee was able to fraudulently bypass its ‘sophisticated controls’, this wasn’t an isolated case. In May 2019, the company suffered unauthorised access to a single testing lab network by a third party.

The steps you should take if your data has been breached

Insider Threats On The Rise

This subsequent breach raises the question of whether or not internal hacks are a substantial priority for companies holding highly sensitive data. Typically focusing on protecting the outer perimeter of their organisation, the risk posed by employees can be overlooked. 

As a consequence, the number of insider breaches rises every year. The Verizon 2019 Data Breach Investigations report states that 34% of all breaches in 2018 were caused by insiders. 

However, insider threats are not always a result of malicious intent. Many data breaches are accidental, born from ignorant or careless user actions.

The Impact Of An Internal Data Breach

Half of employees see no security risk to their employer in sharing work logins. 

These negligent tendencies can lead to considerable data loss and company damage. 

According to The Ponemon Institute’s Report, “2018 Cost Of Insider Threats: Global Organizations”, the average cost of an insider threat annually is $8.76 million. 

impact of an insider data breach

Figure taken from the Egress Insider Data Breach Survey 2019

How RiskView Can Help Prevent An Insider Attack

The average time to detect a data breach is 197 days; a time period in which your organisation can suffer serious reputational damage. 

DDC AS offers a cost-effective solution that manages your data risk, allowing you to focus on your core business. 

Whether intentional or not, RiskView quickly identifies an insider breach by identifying the movement of data, preventing suspicious activity from escalating into a serious attack. 

Had Trend Micro chosen to secure its business with RiskView, it would have been equipped with a thorough understanding of how their employees were using and sharing sensitive information. 

RiskView provides actionable insights into areas that require immediate attention, allowing you to close risk gaps and avoid prolonged, costly investigations. 

What’s more, our intelligent software inspects data from email inboxes, cloud storage, online chat, and devices to locate sensitive information that doesn’t belong there. 

Concerned about internal data breaches? DDC AS can help you mitigate the risk of internal hacks and prevent company damage. Contact our data experts for more information on RiskView today. 


View More Articles