Growing Threat To Business: Rogue Employees And Vendors
By: Jim Stickley and Tina Davis
November 13, 2019
We’ve all seen the headlines over the past years about data breaches and hacks against mega corporations here and abroad. The data theft of millions of consumers happens when hacking groups and state-sponsored cybercriminals attack corporations. Responsible companies bolster their systems security against outside cybercriminals. But what happens when the threat is coming from “inside the house” and not from an outside hacking enterprise? According to the third-quarter 2019 CNBC Technology Executive Council survey, there is a growing concern among business tech leaders about what’s being called “home invasion” cyberattacks. The reality is rogue employees and company vendors can put a business at risk of cyberattack and this survey finds those in charge of cybersecurity are realizing the growing threat they present.
The CNBC survey shows concerns among tech executives about home invasion attacks rose from 14% to over 18% in the third quarter survey. And for the first time ever in their survey, CNBC found that rogue vendors are now a security concern for businesses. Almost 6% of tech execs now believe outside vendors pose the biggest threat to their cybersecurity. And while the threat of rogue home invasion is growing, the concern about outside cyberthreats declined from 38% to 26%. Very recent attacks in the news may be a reason for concern. A July attack against Capital One stole the accounts of over 1 million customers–the perpetrator was an Amazon employee. Earlier this year, DoorDash food delivery service was also breached, exposing payment and other personal information of almost 5 million customers. The breach was blamed on a “third-party service provider” who was responsible for holding their data in a cloud server. It was discovered the outside vendor did not properly secure the cloud data, which ultimately led to its theft.
Both “home invasions” have something in common–important data was kept in a way that let those with bad intentions access it. It should be a wake-up call to all businesses about the importance of making sure data is properly secured, even from employees and vendors and should also include unintentional error.
Regardless of where the blame gets pointed, businesses must work to mitigate data theft from employees and vendors. Those in charge of cybersecurity need to work closely with their vendors to make sure their system security protects data from all angles of theft opportunities. Plans should be put in place to greatly limit employee access to sensitive customer data to make sure that one rogue employee won’t be able to threaten the future security of any business. Work with your vendors and employees as much as possible to protect information in their care.