In an release on Wednesday (Aug. 17), Hypersocket said Sage’s data breach brings the issue of insider threats to light and reveals the need for better access control within the enterprise. That’s in contrast to the often-discussed threat from outside, malicious hackers, Hypersocket said.
“Many organizations already use identity management as a key weapon in their security arsenal,” said Hypersocket CEO Lee Painter in a statement. “This allows a network or system to authenticate the identity of a user through credentials ranging from a simple username and password to digital certificates, physical tokens, biometric factors or a combination of these.”
But problems can arise when companies don’t take steps to safeguard their data from their employees that are authorized to access it, he added.
“The fact that someone has established his or her identity as an employee should not result in unfettered access,” Lee stated. “So, access control and, more specifically, least privilege access should be the very first consideration in any organization’s approach to identity and access management.”
Least privilege access allows authorized employees access to only the data they need and nothing more, Hypersocket explained. According to Painter, companies should consider implementing one-time access protocols for certain employees or adjusting access levels depending on each employee’s requirements.
“Effectively managing least privilege access here requires not only authentication and secure connections but granular controls for each user and the ability to monitor their activities,” Painter continued.
Earlier this week, SME accounting and payroll company Sage revealed that it had been the victim of a data breach, resulting in the compromise of the personal details of about 280 of its employees in the U.K. The breach was the result of unauthorized access to Sage systems via an internal login, the company said, meaning someone in the company logged in using a password they shouldn’t have had.