August 15, 2016
On Friday, Sage (an accounting, payroll and payments software company) announced that there had been unauthorised access to customer information using an internal login.
Sage is one of Britain’s largest technology companies, and it says it has more than 6 million small and medium-sized businesses using its software worldwide, while operating in 23 countries.
The breach, however, is said to have only impacted customers in the UK.
This is the latest high-profile data breach in an age where cyber attacks are commonplace.
Indeed, it is reminiscent of the 157,000 TalkTalk customers who had their personal information hacked last year.
The company suffered as a result, losing 101,000 customers and nearly £80 million in the cyber scandal.
The implications of this attack on Sage, however, may be more sinister.
In the cyber security game the greatest emphasis is placed on external threats, but the “reality is that a significant risk often comes from the inside”, according to Eduard Meelhuysen, vice president at Netskope (a cloud access security broker).
“Whether true human error, compromised account details, malicious insiders or a lack of awareness around IT rules and how to help protect the company’s data, the insider element needs to form part of the wider security strategy along with external threats.”
Indeed, Jon Geater, chief technology officer at Thales e-Security, points out that employee mistakes are the most significant threat to sensitive data.
Sage has acted commendably, however, according to Peter Dalton and Krysia Oastler, both Associates at Kemp Little LLP. The company has notified the ICO, a step that will become a legal requirement under the GDPR, and has taken a proactive, open approach in dealing with the media and its clients, in order to minimise losses.