Comment from Jason Allaway, RES - Three attack
November 2016 by Jason Allaway, RES
Three hack, the comment from Jason Allaway, VP of UK & Ireland at RES.
It appears the vulnerability came from a legitimate employee log-in, which provided the gang with easy access to critical information. On top of this, it bought them valuable time before anyone at Three noticed the unusual behaviour. These are both factors why an insider threat can prove far more dangerous than brute-forcing your way into a network. Any log-in or access details need to be strictly monitored by companies to prevent these kinds of attacks happening.
I believe this points to an issue with the on- and off-boarding processes at Three. Such issues should be addressed by refining and automating such processes to ensure they are protected against risk. New joiners should be granted the correct access, and leavers should be stripped of access entirely. If companies secure the lifecycle, new joiners and those exiting the company will not expose an access point leaving open the door to an opportunistic cybercriminal.
Technology in this sense is one piece of the puzzle, but it isn’t the whole picture. It may be that this log-in was not given out maliciously. Someone may have left themselves logged in or ticked "remember my details" on a public computer - or left a device on the train in their rush to get off at the right stop. By educating staff, the likelihood of these sensitive details falling into the wrong hands can be drastically reduced."