I. Insider threats - more serious than you think
A disgruntled internal auditor with access to a 100,000 employee database copied it to his personal USB stick and uploaded it to a file sharing site.
It resulted in a class action suit costing the company nearly 2.26 million GBP.
Earlier, the employee had misused the organisation's facilities and had been issued a verbal warning. Yet he was still entrusted with the data.
CISO check: Do you have granular USB access control processes? Do you perform additional monitoring of personnel with ongoing disciplinary proceedings?
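The two questions above are easier to answer with a concrete detection in hand. The following is an added example, not code from the CyberInsights page: it parses constructed removable-media log lines, aggregates bytes written per user and device, and raises an alert for writes to a device that is not on the approved list, for any removable-media use by a user on a heightened-monitoring list, and for bulk copies over a size threshold. The log format, usernames, device serials and thresholds are all constructed; a real endpoint agent logs these events in its own format, so parse_line() is the part to adapt.

```python
"""Flag removable-media activity that warrants a closer look: writes to a
device that is not on the approved list, any removable-media use by a user on
a heightened-monitoring list, and bulk copies over a size threshold.

Added example, not code from the CyberInsights page. The log format, users,
device identifiers and thresholds are constructed sample data.
"""
from collections import defaultdict

# Constructed endpoint log lines (key=value fields after an ISO timestamp).
LOG_LINES = """\
2025-02-10T09:12:01Z host=wks-17 user=jdoe event=usb_mount serial=SN123
2025-02-10T09:13:40Z host=wks-17 user=jdoe event=file_write serial=SN123 bytes=52428800
2025-02-10T09:15:02Z host=wks-17 user=jdoe event=file_write serial=SN123 bytes=62914560
2025-02-10T10:01:11Z host=wks-04 user=asmith event=usb_mount serial=SN777
2025-02-10T10:02:30Z host=wks-04 user=asmith event=file_write serial=SN777 bytes=1048576
malformed line without fields
""".splitlines()

# Constructed policy inputs.
APPROVED_DEVICES = {"SN777"}           # corporate-issued, encrypted sticks
WATCHLIST_USERS = {"jdoe"}             # users under ongoing disciplinary review
BULK_COPY_BYTES = 100 * 1024 * 1024    # 100 MiB written to a single device


def parse_line(line):
    """Return the key=value fields of one log line (plus its timestamp), or None."""
    parts = line.split()
    if len(parts) < 2 or "=" not in parts[1]:
        return None  # not in the expected format; skipped, not fatal
    fields = {"ts": parts[0]}
    for token in parts[1:]:
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields


def summarize(lines):
    """Aggregate mount counts and bytes written per (user, device serial)."""
    summary = defaultdict(lambda: {"mounts": 0, "bytes": 0})
    for line in lines:
        f = parse_line(line)
        if f is None or "user" not in f or "serial" not in f:
            continue
        entry = summary[(f["user"], f["serial"])]
        if f.get("event") == "usb_mount":
            entry["mounts"] += 1
        elif f.get("event") == "file_write":
            entry["bytes"] += int(f.get("bytes", 0))
    return dict(summary)


def evaluate(summary, approved=APPROVED_DEVICES, watchlist=WATCHLIST_USERS,
             bulk_bytes=BULK_COPY_BYTES):
    """Return (user, serial, reason) alerts for the summarized activity."""
    alerts = []
    for (user, serial), entry in sorted(summary.items()):
        if serial not in approved:
            alerts.append((user, serial, "unapproved_device"))
        if user in watchlist:
            alerts.append((user, serial, "watchlist_user_activity"))
        if entry["bytes"] >= bulk_bytes:
            alerts.append((user, serial, "bulk_copy"))
    return alerts


if __name__ == "__main__":
    for alert in evaluate(summarize(LOG_LINES)):
        print("ALERT", *alert)
```

The watch list is deliberately a separate input from the device allow list: the first answers the monitoring question, the second the access-control question, and the same aggregated summary serves both.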
II. DigiCert revokes HTTPS certificates issued by certain ICAs
Extended Validation certificates issued by DigiCert's ICAs (CertCentral, Thawte, Symantec and GeoTrust) were left out of audit reporting and had to be revoked within 5 days.
Intermediate Certificate Authorities (ICAs) had to reissue certificates in a hurry and customers had to apply them in a rush.
CISO check: How do you manage SSL certificates? Who receives notifications from ICAs - security team, application team or procurement?
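Answering "how do you manage SSL certificates?" under a 5-day revocation deadline comes down to knowing which deployed certificates chain to the affected ICAs and which team owns each one. The following is an added example, not code from the CyberInsights page or from DigiCert: it takes a constructed certificate inventory and a constructed revocation notice, selects every certificate whose chain passes through an affected intermediate (including those under a sub-CA of an affected ICA), sets each one's deadline to the earlier of the revocation cut-off and its own expiry, flags stale inventory entries, and routes the result by owning team. Hostnames, ICA names, teams and dates are all constructed; the 5-day grace period is the one described above.

```python
"""Work out which deployed certificates must be reissued after an intermediate
CA (ICA) revocation notice, and who has to act on each one.

Added example, not code from the CyberInsights page or from DigiCert. The
inventory records, ICA names, hostnames and team names are constructed sample
data; the 5-day grace period mirrors the notice described on the page.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed inventory: one record per deployed leaf certificate. "chain" is
# the list of intermediate subject CNs between the leaf and the root,
# leaf-side first, so a cert under a sub-CA of an affected ICA is caught too.
INVENTORY = [
    {"host": "shop.corp.example", "owner": "web",
     "chain": ["Example ICA 1"], "not_after": "2025-06-30"},
    {"host": "api.corp.example", "owner": "platform",
     "chain": ["Example Sub CA 3", "Example ICA 2"], "not_after": "2025-02-13"},
    {"host": "vpn.corp.example", "owner": "network",
     "chain": ["Unrelated ICA"], "not_after": "2025-12-01"},
    {"host": "mail.corp.example", "owner": "it",
     "chain": ["Example ICA 1"], "not_after": "2025-01-01"},
]

# Constructed revocation notice: which ICAs are affected and when it arrived.
AFFECTED_ICAS = {"Example ICA 1", "Example ICA 2"}
NOTICE_TIME = datetime(2025, 2, 10, tzinfo=timezone.utc)
GRACE_DAYS = 5


def parse_date(text):
    """Parse an inventory date (YYYY-MM-DD) as a UTC midnight timestamp."""
    return datetime.strptime(text, "%Y-%m-%d").replace(tzinfo=timezone.utc)


def is_affected(record, affected_icas):
    """True if any intermediate in the record's chain is in the affected set."""
    return any(cn in affected_icas for cn in record["chain"])


def build_worklist(inventory, affected_icas, notice_time, grace_days=GRACE_DAYS):
    """Return affected certs as dicts ordered by deadline (most urgent first).

    The deadline is the earlier of the revocation cut-off and the certificate's
    own notAfter. A cert whose notAfter is already behind the notice time is
    flagged "expired": the inventory entry is stale and must be checked against
    what is actually deployed before anyone assumes it is safe to ignore.
    """
    revocation_deadline = notice_time + timedelta(days=grace_days)
    worklist = []
    for record in inventory:
        if not is_affected(record, affected_icas):
            continue
        not_after = parse_date(record["not_after"])
        if not_after < notice_time:
            status, deadline = "expired", not_after
        else:
            status, deadline = "reissue", min(not_after, revocation_deadline)
        worklist.append({
            "host": record["host"],
            "owner": record["owner"],
            "status": status,
            "deadline": deadline,
            "days_left": (deadline - notice_time).days,
        })
    worklist.sort(key=lambda item: item["deadline"])
    return worklist


def route_by_owner(worklist):
    """Group hosts by owning team so each team receives one actionable list."""
    routed = defaultdict(list)
    for item in worklist:
        routed[item["owner"]].append(item["host"])
    return dict(routed)


if __name__ == "__main__":
    work = build_worklist(INVENTORY, AFFECTED_ICAS, NOTICE_TIME)
    for item in work:
        print(f"{item['host']:<20} {item['status']:<8} "
              f"by {item['deadline']:%Y-%m-%d} ({item['days_left']:+d} days)")
    print("routing:", route_by_owner(work))
```

The "owner" field is what turns an ICA notification into work: whoever receives the notice (security, application team or procurement) needs an inventory that maps each certificate to the team that can actually redeploy it, otherwise the 5-day window is spent finding owners rather than reissuing.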