Sage data breach highlights the risk of the insider threat

A suspect in a recent data breach at Sage, a U.K. provider of business software, has been arrested. On Wednesday, police in London detained a company employee.

The 32-year-old woman was held for alleged fraud against the company, London City Police said. She has since been released on bail.

It’s still unclear what information, if any, may have been leaked. However, Sage, a supplier of accounting and payroll software, began notifying customers about the breach last week.

Between 200 and 300 business clients in the U.K. may have been affected. At the time, Sage said the breach had come from unauthorized access to internal login data.

Security firm the Antisocial Engineer has been in contact with Sage and said a company insider was the prime suspect.

Because Sage’s software handles payroll data, the company has information on their client’s employees, including addresses, insurance numbers, bank account details, the Antisocial Engineer said.

Sage didn’t immediately respond to comment about the arrest. But security experts say the breach underscores the danger of data theft from company insiders.

To protect their systems, companies need to reconsider offering employees unrestricted access to valuable data.

For instance, the access should be tied to individual accounts, said Chris Webber, security strategist at Centrify, an ID management software provider.

“This way you can revoke access simply and quickly, by user, when something goes awry,” he said in an email.

Companies can also consider monitoring their employees’ activities, when accessing sensitive resources, said Mimecast, a provider of business email and data security.

About 45 percent of companies say they are ill-equipped to handle malicious threats from insiders, it found in a recent study.

To ward off the danger, companies can install internal safeguards that can prevent employees from sending sensitive data to anyone outside the network, Mimecast said.

More about CentrifyMimecastSage