But T-Mobile this month reminded us of how serious an internal threat can be. In what U.K. authorities are dubbing one of the biggest data breaches in that country’s history, a resourceful (although ethically challenged) T-Mobile employee is accused of taking millions of pieces of customer data and selling it to company rivals. This situation is the subject of StorefrontBacktalk’s security column this week on the new McAfee security blog.
It’s one of the oldest pieces of security guidance: The biggest threats are always from a company’s employees, not from intruders. But popular perception has never supported this truth because outside intrusions are comparatively highly publicized while internal threats are generally dealt with secretly, with a termination and an offer to avoid prosecution if the thief remains silent.