What happens when the relationship between you and a trusted employee breaks down, either through ill will or simply because they are leaving and taking your client database with them? This is the insider threat.
In the case of a “high-profile financial company in Hawaii”, a former employee who wanted to be hired back at a higher salary used old credentials to access and disrupt company systems by making unauthorised and malicious alterations to the networks and websites, and redirecting email and web traffic.
When caught, Casey K. Umets pleaded guilty and is awaiting sentencing in the New Year, and could now face a fine of up to $250,000, 10 years' jail time and 3 years' supervision on release.
Your takeaway from this is that you need plans in place to mitigate the insider threat, accepting that you cannot completely eliminate it. 99.99% of organisations (there will always be one!) cannot operate without having to put some trust in someone somewhere.
Here are a couple of ideas to mitigate a member of your team abusing your trust:
- Use monitoring systems to stop the use of portable USB storage
- Have policies and procedures in place to address the insider threat
- Make your intentions very clear that you will pursue any insider cyber incident through legal channels, including taking it to the police – which is what happened in the case above.
Let’s hope the UK police would be as vigorous as the FBI and US Attorney.
I am not quite finished…
Talking about the business above – make sure you change any and all credentials for anyone who leaves your organisation – and if you are going to have to let someone go, get their credentials changed whilst they are in the meeting, if not before. Also manage your credentials – there should never be “old credentials”; they are either active or gone.
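One way to check that no “old credentials” survive a departure, as an added example that is not part of the original post: cross-reference a leavers list against an account inventory. The CSV layouts, column names and sample rows are constructed for illustration, and the sketch assumes you record who knows each shared credential.

```python
import csv
import io
from datetime import date

# Constructed sample exports (not real data): HR leavers and an account inventory.
LEAVERS = """username,leave_date
alice,2024-03-01
bob,2024-05-15
"""
ACCOUNTS = """account,holders,enabled,last_rotated,last_login
alice-vpn,alice,true,2023-11-20,2024-03-09
alice-mail,alice,false,2023-11-20,2024-02-28
dns-admin,alice;carol,true,2024-01-05,2024-06-01
web-admin,bob;carol,true,2024-05-15,2024-06-02
carol-mail,carol,true,2024-01-10,2024-06-01
"""

def rows(text):
    """Parse CSV text into a list of dicts keyed by the header row."""
    return list(csv.DictReader(io.StringIO(text)))

def audit(leavers_csv, accounts_csv):
    """Return (leaver, account, issue) for every credential a leaver could still use."""
    left = {r["username"]: date.fromisoformat(r["leave_date"]) for r in rows(leavers_csv)}
    findings = []
    for acct in rows(accounts_csv):
        if acct["enabled"] != "true":
            continue  # disabled account: the credential is "gone"
        holders = acct["holders"].split(";")
        rotated = date.fromisoformat(acct["last_rotated"])
        last_login = date.fromisoformat(acct["last_login"])
        for user in holders:
            if user not in left:
                continue  # still employed
            if len(holders) == 1:
                # Personal account of a leaver that was never disabled.
                findings.append((user, acct["account"], "personal account still enabled"))
                if last_login >= left[user]:
                    findings.append((user, acct["account"], "login on or after leave date"))
            elif rotated < left[user]:
                # Shared secret the leaver knew, unchanged since they left.
                findings.append((user, acct["account"], "shared credential not changed since departure"))
    return findings

if __name__ == "__main__":
    for finding in audit(LEAVERS, ACCOUNTS):
        print(*finding, sep=" | ")
```

A shared credential rotated on the leave date itself, as with `web-admin` in the sample, is treated as changed, which matches the advice to change credentials during the exit meeting.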
Clive Catton MSc (Cyber Security) – by-line and other articles
Further Reading
If you must use portable USB drives, then you must read this… – CyberAwake