Skip to content

More Reasons to Consider DLP

by on March 18, 2014

Another high profile organisation fell victim to data loss this week, this time as a result of what appears to have been an internal breach. Wm Morrison, one of the UK’s most popular supermarket retailers, was forced to admit that the salary and bank account details for 100,000 of its staff were stolen and published online. As reported in the Telegraph (http://www.telegraph.co.uk/finance/newsbysector/retailandconsumer/10697659/Morrisons-woes-deepen-with-payroll-theft.html), it is understood that the payroll data was leaked from within the company and then published on the internet for several hours until it was removed. A disc containing the data was also sent to a local newspaper in Bradford, where Morrisons is based.

In a statement, a spokesperson from Morrisons was quick to refute any suggestions of hacking, instead implying that the breach was an inside job and “not the result of an external penetration of our systems”.  The company said it is now working with police to identify the person responsible but stressed that no customer data had been lost and that employees would not be left “financially disadvantaged”.

As an ‘insider threat’, the breach raises some serious questions as to how such sensitive HR data could be freely accessed. Were staff able to simply browse servers without having to enter a password?

With so many instances of external breaches, as a result of DDoS or malware attacks, many organisations grossly underestimate the risks lurking within a company – instead concentrating on implementing firewalls and intrusion-detection systems to protect against external attack.  But, as this latest breach shows, insider threats are every bit as damaging.  This is why it is so important to have a solid internal data loss prevention strategy in place; staff access should be restricted and all data should be encrypted as standard. With a multi-layered approach to security, businesses will be better placed to identify suspicious activity before a breach can occur.

From → pentura

Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: