Amazon Ring and Insider Threat
Ring, the Amazon owned home-security company, has admitted firing four employees who accessed users’ videos. The employees had access to the video feeds but exceeded their authorised access by viewing them. This has undoubtedly caused embarrassment for Ring.
Ring has come under fire for its security policies recently. The recent insider incident came everyone’s attention because of a letter written by Amazon to US senators. In the letter Ring admit that four members of staff were viewing videos that they were not supposed to be viewing. This letter was a response to the questions posed to Amazon’s CEO about privacy issues that had been raised previously.
Amazon claimed that it received four complaints over four years about this issue and that it had investigated each one and terminated their contracts. Amazon have not released details of each incident but have said that they are working to limit the number of staff who have access to Ring’s video feeds.
Insider threats come in all shapes and sizes
Insider threats don’t always steal information. They commit fraud and sabotage the organisation too. These Amazon employees intentionally exceeded the access and trust that they had been given. We have seen a growth in insider threat cases over the last two years. This is due to a number of reasons but the digitalisation of society has brought about opportunities and vulnerabilities that didn’t exist for corporations twenty years ago.
What can you do to protect against the insider threat?
Train your staff: in the majority of cases colleagues spot something wrong before other defences do. Train them what to watch out for and why it is important to report.
Reporting: establish an easy and confidential way for employees to flag any concerns they have about staff, contractors or even company security.
Rehearse: Get your senior teams to rehearse what your company would do if you were attacked. How would you handle the media? How would you bring critical services back online?
Technical tools: Identify where your critical assets are and monitor the people with access to them.
For more information on insider threat issues check out our insider threat research HERE
Want some help building your insider threat programme? Get in touch