Recent security breaches offer a textbook case of what happens when security systems allow unfettered access to the network, even in the presence of MFA. Recently, a fintech company claimed that a hacker social engineered a customer service agent in order to download information on millions of customers now for sale on the dark web.
Focusing on the fact that one person was tricked is common. Twitter did it about a year ago when highly visible accounts were compromised through what they called, “A sophisticated social engineering attack.” SolarWinds pointed to an intern after their massive security failure. If tricking one user causes a massive data breach, it is not the user’s fault. The entire security program failed.
Highly skilled and motivated criminals will inevitably trick one employee out of thousands. If you don’t expect a user to fail, let alone act maliciously, you may want to review your security program. It is inevitable that a user account will be used maliciously in a financial organization.
Layers of protection, such as those provided by default in zero trust environments, limit what a single account can access. Likewise, there should be other measures in place to detect large volumes of data access and downloads. Data leak prevention, TLS/SSL inspection, and similar technologies should then prevent the data from being exfiltrated.
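As an added illustration of the detection measure described above (not code from the original post), the following Python flags any account that touches more distinct customer records within a sliding time window than a support agent plausibly would by hand. It assumes a constructed audit-log line format of timestamp, account, action and customer record id; the sample log, account names and threshold are all constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def parse_line(line):
    # Constructed format: "2024-05-01T09:00:01Z agent_a view_customer 1001"
    ts, account, action, record_id = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), account, action, record_id

def max_distinct_records(events, window):
    """Peak count of distinct records one account touched within any sliding window."""
    best, start = 0, 0
    in_window = defaultdict(int)  # record_id -> occurrences currently inside the window
    for ts, rid in events:
        in_window[rid] += 1
        while ts - events[start][0] > window:  # drop events that fell out of the window
            old = events[start][1]
            in_window[old] -= 1
            if in_window[old] == 0:
                del in_window[old]
            start += 1
        best = max(best, len(in_window))
    return best

def flag_bulk_access(log_lines, window=timedelta(minutes=10), max_records=50):
    """Return {account: peak_distinct_records} for accounts whose peak exceeds max_records."""
    per_account = defaultdict(list)
    for line in log_lines:
        ts, account, action, rid = parse_line(line)
        if action == "view_customer":
            per_account[account].append((ts, rid))
    flagged = {}
    for account, events in per_account.items():
        events.sort()  # sliding window needs events in time order
        peak = max_distinct_records(events, window)
        if peak > max_records:
            flagged[account] = peak
    return flagged

def constructed_log():
    """Constructed sample: one agent working normally, one pulling records in bulk."""
    base = datetime(2024, 5, 1, 9, 0, 0)
    lines = []
    for i in range(8):  # agent_a: one record roughly every eight minutes
        ts = base + timedelta(minutes=8 * i)
        lines.append(f"{ts:%Y-%m-%dT%H:%M:%SZ} agent_a view_customer {1000 + i}")
    for i in range(200):  # agent_b: 200 distinct records in under four minutes
        ts = base + timedelta(seconds=i)
        lines.append(f"{ts:%Y-%m-%dT%H:%M:%SZ} agent_b view_customer {5000 + i}")
    return lines
```

Counting distinct records rather than raw requests matters: an agent re-opening the same customer's page many times is normal, while hundreds of different records in minutes is the shape of a scripted bulk pull.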
The takeaway is that breached organizations should shift attention from single users to technology environments that allowed the compromise of credentials to lead to massive breaches in the first place.