Sage data breach: Industry reaction and analysis

Today, accounting and payroll software provider Sage announced that it has suffered a data breach from a suspected insider attack, possibly leaving the personal information of employees at 280 UK businesses exposed.

In light of this latest high-profile security breach to hit the headlines, various industry professionals have offered their reaction and analysis.

Kevin Cunningham, president and founder of SailPoint:

“Being exposed as unprepared and ill-equipped to minimise the damage associated with a breach is a fear of any organisation. Today’s organisations house vastly more sensitive data, and so everyone from the executive level down needs to ensure there is a collaborative effort from internal staff to protect that sensitive information and ultimately, the health and longevity of the company.

“In today’s digital world, users need access to a myriad of critical systems, applications, and data in order to do their jobs. IT can only do so much to protect the internal infrastructure, but with the right tools in place to put some onus back on the employees they can help alleviate the burden. It falls to the employees and management to ensure that protecting sensitive information is of the utmost importance.”

"In order to prevent or minimise data breaches tied directly to insiders, businesses have to become more user-centric when it comes to security. That means leveraging a comprehensive approach to identity and access management (IAM) programmes, ensuring a single, unified view into and automated control over all user access in 2016 and beyond."

Jon Geater, Chief Technology Officer at Thales e-Security:

“In what is seemingly becoming everyday news in the age of the cyber-attack, this breach once again reaffirms the requirement for organisations of all sizes to adopt dedicated measures - such as data protection, encryption, and key management - to protect critical data.

“We must look further than simply logins and passwords as the single access point to an organisation’s war chest, and with recent global research from the Ponemon Institute revealing employee mistakes are still the most significant threat to sensitive data, organisations have to realise that they are still at risk even if they don't believe they are a target for hackers - which of course they are."

Comment from Eduard Meelhuysen, VP EMEA at Netskope:

“The data breach at Sage is a powerful reminder that although many businesses look to protect their data from outside threats, the uncomfortable truth is that a significant risk often comes from the inside. Whether true human error, compromised account details, malicious insiders or a lack of awareness around IT rules and how to help protect the company’s data, the insider element needs to form part of the wider security strategy along with external threats.

“It has become more difficult to keep track of employee activity, and which data they can access, as enterprise cloud use continues to grow. Mitigating security risks from a company’s entire cloud app ecosystem and on premise systems cannot be completed in one fell swoop.

“Wherever possible, organisations should use policy and employee training to coach staff towards safe courses of action and secure cloud apps without impacting productivity. However, surgical visibility and control, and robust data analytics are also crucially important as they will help differentiate between employees and bad actors. Unusual behaviour or abnormal usage patterns will alert security teams to suspicious circumstances, but only if they have the necessary tools in place for visibility and control of employee behaviour, such as a Cloud Access Security Broker (CASB), and they know what “normal” looks like.

"Watching out for app access from employees who have had credentials compromised in a previous data breach is also key in order to prevent cyber criminals from infiltrating the network by posing as an employee like a wolf in sheep’s clothing.”

Thomas Fischer, Threat Researcher & Global Security Advocate at Digital Guardian:

"Insider threats are almost always preventable if the right people management processes and tools are in place. This is the case even if the employee is a so-called reluctant insider, meaning that, for example, an external party has compromised their account. Sage also claims that it currently unsure how the data was compromised. Again, with the proper investments in IT security, this should be easily controllable and identifiable within a very short period of time.

"What is perhaps more troubling is the lack of information or proper handling of the breach vis-à-vis the public, especially in the wake of the recent Talk Talk incident. High profile companies should be in a permanent state of alert, and must be prepared to immediately advise not only their customers, but also provide proper and timely information to the public. Communications, be that internally, with law enforcement or externally, are an essential aspect of any good incident and breach response plan."

Image Credit: wk1003mike / Shutterstock