Thursday 11 June 2009

Careless Talk - Part 2

Earlier this week, the Internet buzzed with rumors about a hack at T-Mobile when the alleged hacker posted information on the security forum Full Disclosure. T-Mobile has now confirmed that the posted information is from one of its documents, but it denies that the information was obtained through a hack and says that no customer information was compromised. This is great news for the company. It's even better news for their customers. But it also points to the most common threat to an organization’s data: the corporate insider.

We have no knowledge of how this information was obtained at T-Mobile, but in an industry that has many employees, contractors, third-party suppliers and partners all with access to a wealth of customer data, it should be no surprise that an insider is very likely involved. It was predicted. Telecommunications service providers have long taken the “defend the edge” approach to security, with a focus on keeping threats off the network. This makes is more difficult to monitor and block an insider from accessing information. For all carriers, assume that your data is under scrutiny from the inside as well as outside and take this week’s happenings as a call to action.

Paul Davie