UPDATED 21:44 EDT / APRIL 22 2018

SunTrust employee data theft highlights need to strengthen internal security

SunTrust Bank Inc. disclosed Friday that a former employee may have stolen details of as many as 1.5 million customer accounts in a case that many believe highlights the need for companies to improve internal security.

According to CNBC, the former employee of the Atlanta, Georgia-based regional bank “may have” attempted to download some information on nearly 1.5 million clients and share it with a criminal third party. The information is believed to be limited to names and account balances and not to include personally identifiable information such as Social Security numbers, account numbers, PINs, user IDs, passwords or driver’s license numbers.

“Let’s be clear that an external breach did not happen here,” Mike Banic, vice president of marketing at Vectra Networks Inc., told SiliconANGLE. Instead, he pointed out, an employee tried to sell names and account balances but no other personally identifiable information.

“Financial organizations need even better controls on their internal network to detect threats, including improper use of credentials or administrative protocols, on critical assets that store PII or Private Health Information,” Banic said. “While the recent Attacker Behavior Industry Report indicates that the financial services industry has the fifth-lowest rate of attacker behaviors, with roughly 1,500 per 10,000 devices or workloads, attacker behaviors exist and teams need tools to empower them to triage, prioritize and respond.”

David Ginsburg, vice president of marketing at Cavirin Systems Inc., said this is another example of what he calls the weakest link in security: employees. “A proper cyberposture strategy includes multiple layers of defense – perimeter, OS, applications, data, etc. IT must deploy a set of controls and policies that can prevent this type of breach, either intentional or nonintentional.”

Noting that the case is interesting in an age where “we see constant reports of data breaches caused by cybercriminals and nation-state actors,” Nathan Wenzler, chief security strategist at asTech, said companies especially need to heed the danger from inside their firewalls.

“Inside threats are a very real and very significant problem, especially if you’re dealing with an employee who may be disgruntled or who is otherwise motivated to cause the business as much harm as possible,” Wenzler said. “It’s an even harder problem to deal with if the employee was given legitimate, authorized access to critical data at any point as part of their normal job duties, as it gives them a level of familiarity with the data and relevant systems that an outside attacker may not have.”

Organizations must make sure they are managing who has access to their critical data assets at all times, including when employees move between teams or leave the company, Wenzler added. “Collectively speaking, we can’t keep only looking outward to identify threats,” he said. “Sometimes, the most dangerous attackers are the ones we already know and have been brought into our organizations.”

Brian Contos, chief information systems officer at Verodin Inc., added that although there are plenty of solutions designed to protect against the theft of sensitive data, most of them simply detect and report on suspicious activity instead of actually blocking malicious activity, because they want to avoid false positives.

“Organizations need to be able to validate the efficacy of their security controls across their production environments and instrument them in order to get value,” Contos insisted. “Anything else is simply guesswork and assumptions, and as long as that’s the norm, data theft will continue to be commonplace.”

Photo: jeepersmedia/Flickr
