It's always an unfortunate occurrence when a company gets hit by a cyberattack. When a cybersecurity company gets breached, then the alarm bells should certainly start to ring.
Trend Micro was the latest cybersecurity company to fall victim to a data breach after a rogue staff member accessed, stole, and sold critical data on over 70,000 customers. It is believed the employee gained entry into a customer support database and stole personal information such as names and phone numbers before selling it to a third party. This attack just goes to show you that no enterprise is safe and a cyberattack can hit when you least expect it.
To make matters worse, scammers who had received the stolen information then began phoning the affected individuals and impersonating Trend Micro staff. Victims were especially troubled to find that the criminals knew so much about them when they spoke on the phone. After numerous reports made their way to Trend Micro, an investigation was carried out that determined how the information was stolen and what led to the subsequent attack.
How to protect sensitive data from internal threats
This recent breach underscores a common yet very unfortunate disconnect in IT security today. Oftentimes, perimeter security and fraud/threat detection are deployed without a complimentary deployment of data-centric security which would ensure that the data inside the perimeter is protected, even from those who already have access from within.
No matter how high you build that virtual security wall, the data inside is still vulnerable, no matter if hackers find a way in or if bad actors are already on the inside. One contributing factor is that many companies have a reactive mindset when it comes to data security, rather than proactively looking for ways to prevent incidents before they occur. Instead of just building virtual Maginot lines around data, organizations need to adopt a data-centric security model to protect the data itself from both external and internal threats. In other words, protect what matters most inside the perimeter as well as you protect the perimeter itself.
Cybersecurity best practices, some of them encoded in law, suggest that sensitive data only be stored when absolutely necessary and that access to sensitive data only be granted to those who need it to do their jobs. Furthermore, the sensitive data that is retained should always be protected, no matter if it's in storage, in motion, or in use. Fortunately, there are data security solutions like tokenization that protect the data no matter what and can even make it possible for employees to use and analyze data while it's still in a protected state.
In the Trend Micro case, such an approach could have prevented the harm caused by a rogue employee because although the individual may have had access to the customer service database, the thief would have found that the database contained useless tokens instead of usable data.