Organizations are often so focused on protecting their infrastructure and data from external threats that they forget that, like the classic horror film ploy, the call may be coming from inside the house. Employees have access to their organization’s sensitive assets, which is why it isn’t all that uncommon for disgruntled employees to steal data or even accept bribes from cybercriminal groups whose vaults are replenished regularly by the returns of their malicious campaigns. Hopefully, Shopify will have a monitoring system in place that will aid their security team and the FBI in analyzing which accounts have been compromised and how the incident occurred. Organizations should protect themselves from insider threats by designing their environment with least privilege in mind so that only the right people have access to sensitive data at the right time. It is impossible to reduce the risk of a rogue employee intentionally causing a security incident, which is why it is best to have all the measures in place to monitor activity on sensitive servers and to record sessions in the unfortunate event that a forensic investigation becomes necessary.

For guidance on how to mitigate insider threats, please click here.