Sage Data Breach, UK Insider Threat Trends, and How to Mitigate Risks

Farrah Artwell

Over the weekend, Sage, a British enterprise software multinational, experienced a data breach that might have affected nearly 300 UK customers. What's even worse about this? The breach appeared to have been conducted by an insider using unauthorised access to Sage’s IT system. 

The High Costs of Insider-Related Data Breaches in UK Organisations

While high-profile breaches like the one at Sage are better known, the majority of UK businesses, from large to small, have dealt with security breaches at some point. A PwC survey commissioned by the Department for Business, Innovation and Skills (BIS) found that nearly 9 out of 10 large UK organisations surveyed “now suffer some form of security breach – suggesting that these incidents are now a near certainty.”

On average, UK businesses suffered a loss ranging from £75k to £311k, with larger organisations seeing a loss of up to £3.14m (PwC).

The costs of data breaches are not only monetary; they extend to the legal and reputational aspects of an organisation. For instance, highly regulated financial institutions are required to meet regulatory compliance; retailers worry about exposing customers’ confidential data; and government departments are concerned with leaks of highly sensitive data. Many times, these breaches are the result of insider jobs; more details are in PwC’s findings below.

[Image: PwC UK insider threat survey]


Searching for the Right Insider Threat Detection Tools

Given these trends, your organisation will need to plan proactively to mitigate the risks of insider threats. However, some of the challenges we often hear from our customers are:

  • How can we gather and analyse data from social media, voice messages, notes, and other unstructured data types?
  • How can we accurately classify, monitor, and search across all data to detect non-compliant patterns?
  • Data storage and licensing costs are rising. Are there more cost-effective alternatives?
  • Can we have more flexibility in creating reports and administrative dashboards?

This is where we see search and big data as a highly scalable, robust approach to addressing the questions above. This architecture has worked well for our customers across multiple sectors.

Search and Big Data for Identifying Insider Threats

Search enables scaling to hundreds of millions (even billions) of records of all types and across multiple sources. Thus, by leveraging content processing, search engines, and big data tools, we were able to build a platform for detecting insider threats that can: 

  • Search over a wide range of content sets, ingested from internal and external sources
  • Store, catalogue, and classify both structured (documented records and transactions) and unstructured (notes, emails, phone calls, and social media conversations) data 
  • Enable in-depth analysis, monitoring, and reporting that can be customised for CIOs, security officers, compliance teams, and other stakeholders
  • Perform sentiment analysis to flag non-compliant patterns for security officers to investigate further

The technologies used in insider threat detection can also be expanded into other critical use cases, such as fraud detection - a key priority of many public and private organisations.

With unprecedented data growth and threats of data breaches, having a solid risk mitigation program is essential to an organisation’s operations. For businesses looking to guard against insider threats but also dealing with traditional software’s data storage costs and lack of customisation, open source search engines and big data tools can offer a practical alternative.

To learn more about insider threat detection approaches and solution architectures, please contact us.

-- Farrah