
Police arrest woman in connection with Sage data breach

A woman has been arrested on suspicion of fraud in connection with a data breach at accounting software firm Sage

City of London police officers have arrested a 32-year-old woman employed by accounting software firm Sage in connection with a data breach at the company.

The arrest at Heathrow Airport comes just days after Sage warned someone had gained unauthorised access to employee data at nearly 300 UK firms using an internal login.

The woman was arrested on suspicion of conspiracy to defraud on 17 August 2016, but has since been released on bail.

Sage is based in Newcastle upon Tyne and provides business software for accounting and payroll services to firms across 23 countries.

The company said it had notified all the UK companies affected by the breach and was working closely with the police.

Highlighting that the costs of data breaches are seldom confined to remediation and recovery, Sage’s share price fell by as much as 4.3% on the news, but it has since recovered.

The breach also highlighted the need for companies to have the capacity to deal with either the use of stolen user credentials by attackers or the misuse of credentials by company employees.

The problem with insider breaches is that so many of the preventative technologies that companies have spent millions on are powerless to detect malicious activity once the user has been authenticated, said Matthew Ravden, chief marketing officer at security firm Balabit.

“Too much faith has been placed in password-management systems, which a privileged user just logs into and is given unconstrained access to sensitive data,” he said.

“Organisations must put greater emphasis on monitoring and analysing these users in real time to detect unusual activities and stop malicious acts from happening.”

Most organisations still focus on securing their borders, according to Morgan Gerhart, vice-president at security firm Imperva.

“The main problem is that there are no real borders to secure. Corporations are way past the time where there was a clear and defined perimeter to protect,” he said.

Gerhart added that organisations therefore should assume the borders have already been crossed and their network is compromised, and focus on protecting the data from internal and external threats.

Barry Scott, chief technology officer for security firm Centrify, said that when a data breach occurs – especially using a company account – immediate forensic analysis of the breach is needed to understand its full extent.

“Audit software should be in place to collect detailed records of activity, and to enable replay of sessions for the user across the whole environment leading up to the event,” he said.

“Insider attacks and threats are often avoidable, either by current or past employees, so long as the right safeguards are in place.”

According to Lieberman Software product strategy vice-president Jonathan Sander, every organisation should shift to a least-trust model for inside security.

“They should even make the goal zero trust. Every scrap of sensitive information should be under a least-permission model in files, folders, email systems, and inside applications. Very rigorous process must be applied to IT administrators and the privileged access they have because it can bypass all your strong security if you're not careful,” he said.

Insider threats are a growing concern for many companies, said Javvad Malik, security advocate at security firm AlienVault.

“Ever since Edward Snowden became the poster child to showcase the immense damage a motivated malicious insider can cause, more efforts have been put into understanding, preventing and detecting this threat,” he said.

3 comments

So we got one. That's good. But is it really the way we're planning to stop the data thieves? Catch them one at a time, AFTER they've broken through our best efforts at security? Doesn't anyone think we need to work on something a bit more far reaching....
Just a very and I mean very small percentage must get caught. If more were caught I hope we would see it in the news. It could be a deterrent for others thinking of doing this in the future. As long as the fines are stiff and harsh jail time... It has to stop somewhere. A few years in jail for stealing millions may be worth the risk to some. If it were say 15 years they may think twice.
From what I hear, this was only a breach because Sage's internal information security processes are so poor.

Former employees were still able to log on remotely to their previous accounts & view customer data. Hence the breach.