Laid Off Employees Turning to Cybercrime
In what appears to be a growing trend, displaced employees are turning to cybercrime using their corporate data access to steal, exploit and damage information networks, and may have cost businesses as much as $1 trillion globally according to a new study from McAfee and Purdue University's Center for Education and Research in Information Assurance and Security
Although insiders have always posed a threat to information security, the report warns that the global recession is putting vital information at greater risk than ever before.
The report, Unsecured Economies: Protecting Vital Information was released last week at the World Economic Forum and suggests that the economic downturn is increasing the security risk for corporations with 42 percent of respondents reporting that displaced workers were the biggest threat to sensitive information on the network.
Employees with Sabotage on Their Minds
The most recent example can be found in disgruntled Fannie Mae engineer Rajendrashinh Makwana who was indicted for allegedly planting a logic bomb in the mortgage lender's computer network. Fortunately, the embedded code was discovered by another engineer before it caused any damage, which would have been substantial. "Had the virus been released it would have caused millions of dollars of damage and reduced if not shut down operations for at least a week," said FBI Special Agent Jessica Nye.
According to some reports this breach may have been averted had Fannie Mae terminated Makwana's network access immediately after firing him.
Last year, Terry Childs, a San Francisco computer engineer was charged with masterminding the hijacking of the city's network when he allegedly refused to allow other administrators to get into the system; locking down law enforcement records and payroll documents.
In another 2008 incident, 21 year old David Everett, a tech support person at Wand Corporation decided to turn to cybercrime to seek revenge on his former employer after he was laid off. Breaking into the network, Everett allegedly planted three malicious files on 1000 servers in an attempt to bring the system down. Although he did get into the system, he only managed to crash 25 computers before the company was informed of the attack by concerned customers. Earlier this year, Everett pleaded guilty to computer hacking charges and now faces 10 years in prison.
Clearly, corporations must begin to proactively protect themselves against insider cybercrime.
Minimizing and Preventing Insider Threats
Given data theft by insiders tends to have greater impact due to the higher level of data access, it could mean greater financial risk to corporations - especially when combined with today's plummeting economy.
Consequently, it is imperative corporations implement best practices to prevent or at least minimize potential cyberattacks by disgruntled former employees.
Although several years old, a Carnegie Mellon University report titled The Common Sense Guide to Prevention and Detection of Insider Threats (PDF), is still a valuable resource. The paper describes each practice briefly, explains why it should be implemented, and offers one or more case studies illustrating what could happen if it is not implemented.
Summary of Best Practices for the Prevention and Detection of Insider Threats
- Institute periodic enterprise-wide risk assessment
- Institute periodic security awareness training for all employees
- Enforce separation of duties and least privilege
- Implement strict password and account management policies and practices
- Log, monitor, and audit employee online actions
- Use extra caution with system administrators and privileged users
- Actively defend against malicious code
- Use layered defense against remote attacks
- Monitor and respond to suspicious or disruptive behavior
- Deactivate computer access following termination
- Collect and save data for use in investigations
- Implement secure backup and recovery processes
- Clearly document insider threat controls
Share
Comments
Subscribe to comments for this post OR Subscribe to comments for all ReadWriteWeb posts
I don't think cyber crimes have increased drastically. People are just noticing things like these more now since the media is more transparent and awareness of technology has increased.
It is utterly impossible to protect against all cybercrime. I was a mainframe systems programmer. I know that there has to be, at some point in the chain, some person or persons allowed access to the "deepest guts" of a mainframe, to allow updates to the OS. Even head computer operators may have access to privileges entailing vulnerability.
Prevention? Some sort of "brainwashing" in advance...? It ultimately amounts to trust.
Detection? Place *automated* tracking in place... But rest assured, a person savvy enough to earn your respect as a qualified systems programmer, will easily be able to circumvent your tracking mechanisms.
Reminds me of a time I got suspended from school. I wouldn't call it cyber crime, but I was somewhere I wasn't supposed to be. Oh yeah, and their servers crashed (I don't know how that happened). Lol.
If the ongoing economic downturn is requiring you to search for a new apartment, be sure to check out our search service. This product allows you to search for apartment listings from over thousands of sources, in over 20 metro locations.
http://apartments.cazoodle.com
What are you? A fucking cop?
URL FAIL laid_off_employees_turning_to.php
Go, man!
If you're laying off someone who has access - be ready for the backlash. If your systems are so poor that they can be hacked, you shouldn't be laying off the people who can hack them to begin with.
this site rocks