Cybersecurity and Flawed CPUs

April 3, 2020

Cybersecurity and Printer Security

March 30, 2020

Cybersecurity and the University of Utah Health Breach

March 27, 2020

Cybersecurity and Health Care

March 23, 2020

Cybersecurity and Small Business Training

March 20, 2020

Cybersecurity and the Corona Virus

March 18, 2020

Cybersecurity and Car Key Fobs

March 13, 2020

Cybersecurity and the Zendesk Breach

March 9, 2020

Cybersecurity and Phishing at Medical Centers

March 6, 2020

Cybersecurity and Gaming

March 2, 2020

Please reload

I'm busy working on my blog posts. Watch this space!

Please reload

SunTrust Insider Threat: Potential Issue for 1.5M Clients

June 25, 2018

|

Charles Parker, II

Insider threats have to be taken seriously and accounted for in some form or manner. Although business owners would hope this would not be an issue, and employees can be trusted, at times it still is. Business owners or senior management should always be aware of the potential for insider issues since an attack from the inside has the potential to be devastating, especially when the insider is acting maliciously.

A recent and unfortunate incident involved SunTrust. One of their former employees in February 2018 attempted to steal data on an estimated 1.5M clients. The prior employee’s intent was to sell this to a third party for criminal purposes.

Any data stolen is not a good thing for the institution and the clients. In this case, it could have been much worse. The data stolen was the client’s name, their address, phone number, and account balances. Fortunately, the PII (e.g. social security number, account number, PIN, User ID, password, or driver’s license number) was not.

Although the prior employee did work to copy the data, the employee was not able to remove the data from the bank.

In other insider malicious attacks, the results have been far worse. The more data that is stolen and exfiltrated, the greater level of potential liability. To alleviate a majority of this potential issue, the businesses should put in place a robust program or set of programs to monitor the behavior of employees. This would act to safeguard the data and report issues in a timely manner.

Resources

E-Hacking News. (2018, April 23). SunTrust bank’s former employee stole details of 1.5 million. Retrieved from http://www.ehackingnews.com/2018/04/suntrust-banks-former-employee-stole.html

Zorz, Z. (2018, April 23). Former SunTrust employee stole data on 1.5 million clients. Retrieved from https://www.helpnetsecurity.com/2018/04/23/suntrust-stolen-data/

About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.