It has been reported that over 5000 Morrisons staff are suing the supermarket chain after their personal and financial data was leaked by a insider and are seeking compensation for the distress caused by the incident.
Commenting on the news is Paul Norris, Senior Systems Engineer – EMEA at Tripwire, who said:
This biggest chink in the security amour is humans. Despite many of us being trustworthy individuals, there are those insiders that break and severely damage this trust. An insider is the worst possible attack, but is also the hardest thing to uncover. How can you determine one’s motive? Morrisons was none the wiser that this individual was going to leak such critical data. It is extremely difficult to vet everyone who has access to the various networks and sensitive data.
To avoid situations like this, organisations need to know what data is where. This is the first step in selecting the relevant security measures. From there, they can identify who has access to the data and determine the right level of access for individuals or groups of individuals. The organisations would need to ensure that each individual has only the access necessary to do their job. This security measure will greatly reduce the risk of an insider threat.