“Life is short. Have an affair.” So goes the tagline for dating website Ashley Madison, which matches married people looking to have an extramarital relationship. However, the hack and subsequent release of the extremely sensitive personal information for its 37 million users reveals that life, especially in cyber space, is also insecure.
Breaches like this have happened to private and public sector organisations before, but the number, type and sophistication of threats continue to grow and can encompass cyber espionage, crime or attacks. The stakes are very high for some, especially organisations that keep records of sensitive user data that has severe real-world consequences if made public. Losses can amount to more than just financial or system damage – reputations and personal safety are also on the line.
Although the majority of attacks come from external sources, an increasing number of cyber attacks start internally. A 2013 study from security firm Clearswift says one in three employees would sell company secrets for $10,000. Some employees don’t even require a monetary incentive; access to company data or intel in the hands of a disgruntled employee can spell disaster.
In an interview after the initial release of data, Noel Biderman, CEO of the company that runs Ashley Madison, said: “We’re on the doorstep of confirming who we believe is the culprit … It was definitely a person here that was not an employee but certainly had touched our technical services.”
Clearly, one person can do a lot of damage. However, not all internal breaches are done maliciously. Employees must understand the role they play in safeguarding against data breaches. Certain departments are more likely to harbour potential cyber security threats as the very nature of some roles means the individuals who work there are given access to sensitive information: finance, information technology and senior management are just a few examples.
The Ashley Madison incident means cyber security is once again making headlines. The reality of today’s business is that all organisations connected to the internet – and that would be most of them – are vulnerable to cyber attacks from within. How can companies hope to protect themselves from a breach when the biggest threat might be within their own walls?
HRMonthly magazine will be featuring an in-depth look into internal cyber threats and what companies can do about them in its October technology issue.