Cyber security and defence company Trend Micro admits that customer data was stolen and sold by an employee.
The individual was able to access names, email addresses, support ticket numbers, and telephone numbers from the customer-support database. All of this was then sold to a third party.
Trend Micro said it believed approximately 70,000 of its 12 million customers had been affected.
This security incident dates back to early August 2019, where the company were made aware of customers being contacted by scammers impersonating the Trend Micro support team.
It was not until the end of October when the investigation concluded that the security incident was the result of an insider threat.
While Trend Micro emphasised that the employee was able to fraudulently bypass its ‘sophisticated controls’, this wasn’t an isolated case. In May 2019, the company suffered unauthorised access to a single testing lab network by a third party.
Insider Threats On The Rise
This subsequent breach raises the question of whether or not internal hacks are a substantial priority for companies holding highly sensitive data. Typically focusing on protecting the outer perimeter of their organisation, the risk posed by employees can be overlooked.
As a consequence, the number of insider breaches rises every year. The Verizon 2019 Data Breach Investigations report states that 34% of all breaches in 2018 were caused by insiders.
However, insider threats are not always a result of malicious intent. Many data breaches are accidental, born from ignorant or careless user actions.
The Impact Of An Internal Data Breach
Half of employees see no security risk to their employer in sharing work logins.
These negligent tendencies can lead to considerable data loss and company damage.
According to The Ponemon Institute’s Report, “2018 Cost Of Insider Threats: Global Organizations”, the average cost of an insider threat annually is $8.76 million.
Figure taken from the Egress Insider Data Breach Survey 2019
How RiskView Can Help Prevent An Insider Attack
The average time to detect a data breach is 197 days; a time period in which your organisation can suffer serious reputational damage.
DDC AS offers a cost-effective solution that manages your data risk, allowing you to focus on your core business.
Whether intentional or not, RiskView quickly identifies an insider breach by identifying the movement of data, preventing suspicious activity from escalating into a serious attack.
Had Trend Micro chosen to secure its business with RiskView, it would have been equipped with a thorough understanding of how their employees were using and sharing sensitive information.
RiskView provides actionable insights into areas that require immediate attention, allowing you to close risk gaps and avoid prolonged, costly investigations.
What’s more, our intelligent software inspects data from email inboxes, cloud storage, online chat, and devices to locate sensitive information that doesn’t belong there.
Concerned about internal data breaches? DDC AS can help you mitigate the risk of internal hacks and prevent company damage. Contact our data experts for more information on RiskView today.
View More Articles
- 22nd November 2019Why Aren’t HR Managers Prioritising Employee Data Security?
- 14th November 2019Thousands Of Drivers’ Social Security Numbers Exposed In Data Breach
- 11th November 2019Multinational Cyber Security And Defence Company Suffers Insider Data Breach
- 14th October 2019Data: Defining or Divisive
- 12th September 20192019 on track to be the “worst year on record” for data breach activity
- 10th September 2019Leaving the EU: Brexit and GDPR
- 9th September 2019Data Breaches: Did you know?
- 5th September 2019What should you do if your data has been breached?
- 3rd September 2019GDPR was just the beginning
- 14th August 2019The dangers of Subject Access Requests