In what appears to be a growing trend, displaced employees are turning to cybercrime using their corporate data access to steal, exploit and damage information networks, and may have cost businesses as much as $1 trillion globally according to a new study from McAfee and Purdue University’s Center for Education and Research in Information Assurance and Security
Although insiders have always posed a threat to information security, the report warns that the global recession is putting vital information at greater risk than ever before.
The report, Unsecured Economies: Protecting Vital Information was released last week at the World Economic Forum and suggests that the economic downturn is increasing the security risk for corporations with 42 percent of respondents reporting that displaced workers were the biggest threat to sensitive information on the network.
Employees with Sabotage on Their Minds
The most recent example can be found in disgruntled Fannie Mae engineer Rajendrashinh Makwana who was indicted for allegedly planting a logic bomb in the mortgage lender’s computer network. Fortunately, the embedded code was discovered by another engineer before it caused any damage, which would have been substantial. “Had the virus been released it would have caused millions of dollars of damage and reduced if not shut down operations for at least a week,” said FBI Special Agent Jessica Nye.
According to some reports this breach may have been averted had Fannie Mae terminated Makwana’s network access immediately after firing him.
Last year, Terry Childs, a San Francisco computer engineer was charged with masterminding the hijacking of the city’s network when he allegedly refused to allow other administrators to get into the system; locking down law enforcement records and payroll documents.
In another 2008 incident, 21 year old David Everett, a tech support person at Wand Corporation decided to turn to cybercrime to seek revenge on his former employer after he was laid off. Breaking into the network, Everett allegedly planted three malicious files on 1000 servers in an attempt to bring the system down. Although he did get into the system, he only managed to crash 25 computers before the company was informed of the attack by concerned customers. Earlier this year, Everett pleaded guilty to computer hacking charges and now faces 10 years in prison.
Clearly, corporations must begin to proactively protect themselves against insider cybercrime.
Minimizing and Preventing Insider Threats
Given data theft by insiders tends to have greater impact due to the higher level of data access, it could mean greater financial risk to corporations – especially when combined with today’s plummeting economy.
Consequently, it is imperative corporations implement best practices to prevent or at least minimize potential cyberattacks by disgruntled former employees.
Although several years old, a Carnegie Mellon University report titled The Common Sense Guide to Prevention and Detection of Insider Threats (PDF), is still a valuable resource. The paper describes each practice briefly, explains why it should be implemented, and offers one or more case studies illustrating what could happen if it is not implemented.
Summary of Best Practices for the Prevention and Detection of Insider Threats
- Institute periodic enterprise-wide risk assessment
- Institute periodic security awareness training for all employees
- Enforce separation of duties and least privilege
- Implement strict password and account management policies and practices
- Log, monitor, and audit employee online actions
- Use extra caution with system administrators and privileged users
- Actively defend against malicious code
- Use layered defense against remote attacks
- Monitor and respond to suspicious or disruptive behavior
- Deactivate computer access following termination
- Collect and save data for use in investigations
- Implement secure backup and recovery processes
- Clearly document insider threat controls
