Excellent point. Agreed. Do you have any practical tips on how to achieve this? e.g. a) don't collect data unless it's absolutely necessary to the functioning of your product/service. b) encrypt and limit access to only essential people.
But then what if one of those essential people goes rogue or falls victim to a spear-phishing attack or family ransom etc. How do you mitigate that?
Perhaps have a "two keys to unlock" protocol such that two separate team members are always required to unlock sensitive data, i.e. always supervised.
I don't know the solution, genuinely curious how this is solved in practice.
The gist is that as long as your business model is collecting certain data that can be used to identify individuals, you must cater for the insider threat and, for instance, implement segregation of duties. When you do not manage the risk of the data you’re collecting, that’s when you end up together with Ubiquiti.
The engineer that stole the data should have needed to collaborate with at least one peer to exfiltrate it. There should be no way for any individual to take this data and clear himself from the audit logs. Segregation of duties in this instance should have made it possible to detect the event quicker and attribute it to this particular employee.
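A minimal sketch of the two controls discussed in this thread, added here as an example and not taken from any commenter or product: a 2-of-2 key split so that no single person can unlock the data, and a hash-chained audit log whose head is copied to a system the data custodians cannot write to. All function and class names are hypothetical, and authenticating the two people is assumed to happen elsewhere.

```python
import hashlib, hmac, json, secrets

GENESIS = "0" * 64

def split_key(key):
    """2-of-2 XOR split: either share alone is random noise."""
    a = secrets.token_bytes(len(key))
    return a, bytes(x ^ y for x, y in zip(key, a))

def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class AuditLog:
    """Append-only log in which every entry commits to the one before it."""
    def __init__(self):
        self.entries = []

    def append(self, actor, action):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        body = {"seq": len(self.entries), "actor": actor, "action": action, "prev": prev}
        self.entries.append({**body, "hash": _digest(body)})
        return self.entries[-1]["hash"]  # head: copy to a system another team owns

    def verify(self, anchored_head):
        """True only if the chain is intact AND ends at the externally held head."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            body = {k: e[k] for k in ("seq", "actor", "action", "prev")}
            if e["seq"] != i or e["prev"] != prev or e["hash"] != _digest(body):
                return False
            prev = e["hash"]
        return hmac.compare_digest(prev, anchored_head)

def unlock(log, requester, approver, share_a, share_b, key_digest):
    """Rebuild the data key only from two shares presented by two different people."""
    if requester == approver:  # identities are assumed to be authenticated upstream
        log.append(requester, "unlock-denied:same-person")
        raise PermissionError("two different custodians required")
    key = bytes(x ^ y for x, y in zip(share_a, share_b))
    if not hmac.compare_digest(hashlib.sha256(key).digest(), key_digest):
        log.append(requester, "unlock-denied:bad-share")
        raise PermissionError("shares do not reconstruct the key")
    log.append(requester, "unlock-approved-by:" + approver)
    return key
```

Checking the chain against a head stored elsewhere is what catches someone dropping their own trailing entries: the remaining chain is still internally consistent, but it no longer ends where the independent copy says it should.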