Freely subscribe to our NEWSLETTER

Dr Jamie Graves CEO at ZoneFox comments, "while details are still emerging around the Three attack, most suggestions point towards the fact an employee login was used to gain access to critical information. This is seriously worrying for Three and highlights the danger of insider threats, which in effect open a backdoor for criminals to burst through and get hold of highly sensitive customer data.

"The criminals plan appears to have revolved around ordering phone upgrades, intercepting them and selling them on for profit. This might sound like a farfetched idea – but that’s often why such cyber gangs succeed –their plans are so audacious, no one expects them to actually implement them.

"Attacks like this often happen stealthily and wreak havoc rapidly – it’s important companies become more alert to such breaches and realise that they are all vulnerable. Too many businesses focus on threats that come from outside their organisations, which while a warranted focus, simply does not cover all their bases.

"Insider threats can stem from both malicious behaviour from within, but also through unintentional carelessness from even the most diligent of employees. Organisations like Three must ensure they are educating all staff to the importance of secure login details, but also go a step further and ensure they have visibility and control of data flow, within the organisation, so that any unusual or suspicious behaviour can be immediately uncovered and combated. In Three’s case, two-factor authentication and IT user account monitoring should be improved moving forward, to bolster its existing security processes and reduce the likelihood of a similar breach occurring."