Amazon Ring Insider Threat

Ring, the Amazon owned home-security company, has admitted firing four employees who accessed users’ videos. The employees had access to the video feeds but exceeded their authorised access by viewing them. This has undoubtedly caused embarrassment for Ring.

What happened?

Ring, the Amazon owned home-security company, has admitted firing four employees who accessed users’ videos. The employees had access to the video feeds but exceeded their authorised access by viewing them. This has undoubtedly caused embarrassment for Ring.

Ring has come under fire for its security policies recently. The recent insider incident came everyone’s attention because of a letter written by Amazon to US senators. In the letter Ring admit that four members of staff were viewing videos that they were not supposed to be viewing. This letter was a response to the questions posed to Amazon’s CEO about privacy issues that had been raised previously.

Amazon claimed that it received four complaints over four years about this issue and that it had investigated each one and terminated their contracts. Amazon have not released details of each incident but have said that they are working to limit the number of staff who have access to Ring’s video feeds.

 

Insider threats come in all shapes and sizes

Insider threats don’t always steal information. They commit fraud and sabotage the organisation too. These Amazon employees intentionally exceeded the access and trust that they had been given. We have seen a growth in insider threat cases over the last two years. This is due to a number of reasons but the digitalisation of society has brought about opportunities and vulnerabilities that didn’t exist for corporations twenty years ago.

 

What can you do to protect against the insider threat?

Train your staff: in the majority of cases colleagues spot something wrong before other defences do. Train them what to watch out for and why it is important to report.

Reporting: establish an easy and confidential way for employees to flag any concerns they have about staff, contractors or even company security.

Rehearse: Get your senior teams to rehearse what your company would do if you were attacked. How would you handle the media? How would you bring critical services back online?

Technical tools: Identify where your critical assets are and monitor the people with access to them.

For more information on insider threat issues check out our insider threat research HERE

Want some help building your insider threat programme? Get in touch

 

Related Posts

Behaviour Change in your organisation (short video)

Behaviour Change in your organisation (short video)

Getting your staff to change their security behaviour It is often submitted that fear is bad. Actually, from a behavioural science perspective we know fear is the most effective tool for stimulating behavioural change. Fear of crime is necessary but not sufficient to...

Hacked! Right Match Singles suffers a data breach..

Hacked! Right Match Singles suffers a data breach..

Cyber Security Awareness Month Special: "Hacked" What would you do if your company was hit by a cyber attack? Do you have a plan? A crisis management team in place? Many companies don't have a plan or haven't tested that plan.  For Cyber Security Awareness Month 2020...

Get staff engaged for Cybersecurity Awareness Month

Get staff engaged for Cybersecurity Awareness Month

October is ECSM, a month-long European event promoting good cyber security practices and safety. This years themes are: Digital skills:  personal data protection, cyber bullying and cyber stalking establishing good practices online.  Cyber scams: cyber threats such as...