You can keep your firewall up to date, your operating systems patched, your applications updated and your security protocols documented, but users are always the Achilles heel of every system.
A company’s customer data is an asset in need of protection. Sky experienced a wholesale plundering of its customer data by an employee who was in cahoots with a former employee. This person had founded a new business, Digital Satellite Warranty Cover Limited (Digital), repairing and servicing Sky satellite dishes. Accessing Sky’s confidential customer data was an intrinsic part of the business plan at Digital Satellite Warranty Cover, and is an example of a “purchase key” attack: rather than gaining access to a system by, say, a brute-force attack over the wire, the attacker simply pays an employee to hand over the data held behind a secure system. In this case Sky caught the employee by seeding the data with entries that were provided only to the employee in question.
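The seeding approach that caught the employee, sketched as an added example (not code from Sky or from the original article) and generalised from one employee to any number of data recipients. The key, staff identifiers, export label and `.example` addresses are constructed assumptions.

```python
import hashlib
import hmac

# Assumption: the seeding key lives outside the customer database, so a
# recipient cannot recompute which rows are decoys.
SEED_KEY = b"constructed-demo-key"

def seed_rows(recipient: str, export_id: str, count: int = 3) -> list[dict]:
    """Derive decoy customer rows that only this recipient's export contains."""
    rows = []
    for i in range(count):
        msg = f"{recipient}|{export_id}|{i}".encode()
        tag = hmac.new(SEED_KEY, msg, hashlib.sha256).hexdigest()[:12]
        rows.append({"name": f"A. Holder {tag[:4].upper()}",
                     "email": f"{tag}@seed.example"})  # reserved test domain
    return rows

def build_export(real_rows: list[dict], recipient: str, export_id: str) -> list[dict]:
    """Mix the recipient's decoys into the data; sorting hides their position."""
    return sorted(real_rows + seed_rows(recipient, export_id),
                  key=lambda r: r["email"])

def attribute(suspect_rows: list[dict], recipients: list[str], export_id: str) -> dict:
    """Count, per recipient, how many of their decoys appear in suspect data."""
    # Normalise case and whitespace so light reformatting does not hide a decoy.
    seen = {r.get("email", "").strip().lower() for r in suspect_rows}
    hits = {}
    for who in recipients:
        found = sum(row["email"] in seen for row in seed_rows(who, export_id))
        if found:
            hits[who] = found
    return hits

# Constructed sample data: two real customers and three staff identifiers.
CUSTOMERS = [{"name": "R. Patel", "email": "r.patel@mail.example"},
             {"name": "S. Okoro", "email": "s.okoro@mail.example"}]
STAFF = ["emp-1041", "emp-2207", "emp-3310"]

if __name__ == "__main__":
    suspect = build_export(CUSTOMERS, "emp-2207", "2024-Q1")
    print(attribute(suspect, STAFF, "2024-Q1"))
```

Because each decoy is derived from the recipient and the export label, no table of decoys has to be stored next to the data, and a partial copy still points to its source as long as at least one decoy survives.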
Back in 2008 the city of San Francisco faced the major issue of a systems administrator going rogue. Terry Childs, a disgruntled network systems administrator at the city’s Department of Technology, decided that it would be a good idea to lock all the other administrators out of the new FiberWAN wide area network and hold on to his passwords, even after police pressure to reveal them. The system was essential to the city’s payroll and justice system, including data for the police, courts and city jails. A staggering $900,000 was spent attempting to regain control of the network, presumably on consulting fees and brute-force computing power to try to crack Childs’s passwords. The stand-off only ended after eight days, when Childs eventually revealed the passwords to the Mayor of San Francisco. In court, it emerged that Childs had covertly evaded audit checks.
Yung-Hsun Lin, a former systems administrator for Medco Health Solutions, chose sabotage as his weapon against his employer. Fearing being laid off in a round of job cuts, he programmed and planted a script to run after the date by which he assumed he would have been made redundant. The script, known as a “logic bomb” virus, was aimed at wiping out drug trial records, employee payroll information and billing information spread across more than seventy servers. It was only through good fortune that another systems administrator identified the code and the system was cleaned before any damage could be done.
Current employees are not the only source of danger. Gucci, the Italian luxury goods maker, experienced an attack six months after it sacked a network administrator. The administrator gained access via an old unauthorised VPN access he had set up whilst still in Gucci’s employment.
Background checks are essential when recruiting IT staff who will hold the keys to the kingdom. Continual security audits to identify the systems that administrators have been accessing are essential. Password protocols governing who ultimately controls a system must be implemented and reviewed to make sure one individual cannot wrest control of an entire system from his or her employer. Often, outsourcing much of your IT to a cloud provider with experience in these matters is a cheaper option than implementing your own systems.