Here's what experts from SpectorSoft told Softpedia

Sep 13, 2013 13:31 GMT

Vodafone Germany has suffered a data breach that resulted in the theft of 2 million customer records. The telecoms giant blamed someone with inside knowledge of the company, apparently a contractor, for the incident.

The information stolen from Vodafone includes names, addresses, dates of birth, bank account numbers and sort codes. Passwords, PINs and other credit card details are not impacted.

Fortunately, the stolen data is not enough to cause too much damage, but impacted users are warned that they might receive phishing emails designed to trick them into handing over more information.

In a statement published on its website, Vodafone noted that its systems met the highest possible security standards, and they were constantly updated and enhanced.

Experts say they don’t doubt this, but the incident highlights the fact that many large organizations tend to neglect the threat posed by insiders.

Recent studies have shown that over half of senior executives name their employees as the greatest cyber security risk. Even the FBI says the US economy suffers losses of billions of dollars each year because of insider threats.

“There is an old adage that you should always inspect what you expect. I'm sure that Vodafone Germany has robust security; the unique challenge that insider threats pose to traditional security measures is that the insider typically has authorized access to the systems and data,” SpectorSoft VP of Operations, Mike Tierney, told Softpedia.

So what can be done to address the threat posed by insiders?

“To secure against the malicious, or disgruntled, insider, companies must put systems in place to monitor, and when necessary alert on, the digital activity of insiders,” Tierney added.

“They must inspect that activity to ensure that the security they expect is not being violated by an insider who has been given legitimate access, and abuses it.”