Laid Off Employees Turning to Cybercrime

In what appears to be a growing trend, displaced employees are turning to cybercrime, using their corporate data access to steal, exploit and damage information networks, and may have cost businesses as much as $1 trillion globally, according to a new study from McAfee and Purdue University’s Center for Education and Research in Information Assurance and Security.

Although insiders have always posed a threat to information security, the report warns that the global recession is putting vital information at greater risk than ever before.

The report, Unsecured Economies: Protecting Vital Information, was released last week at the World Economic Forum. It suggests that the economic downturn is increasing the security risk for corporations, with 42 percent of respondents reporting that displaced workers were the biggest threat to sensitive information on the network.

Employees with Sabotage on Their Minds

The most recent example can be found in disgruntled Fannie Mae engineer Rajendrasinh Makwana, who was indicted for allegedly planting a logic bomb in the mortgage lender’s computer network. Fortunately, the embedded code was discovered by another engineer before it caused any damage, which would have been substantial. “Had the virus been released it would have caused millions of dollars of damage and reduced if not shut down operations for at least a week,” said FBI Special Agent Jessica Nye.

According to some reports, this breach may have been averted had Fannie Mae terminated Makwana’s network access immediately after firing him.

Last year, Terry Childs, a San Francisco computer engineer, was charged with masterminding the hijacking of the city’s network when he allegedly refused to allow other administrators to get into the system, locking down law enforcement records and payroll documents.

In another 2008 incident, 21-year-old David Everett, a tech support person at Wand Corporation, decided to turn to cybercrime to seek revenge on his former employer after he was laid off. Breaking into the network, Everett allegedly planted three malicious files on 1000 servers in an attempt to bring the system down. Although he did get into the system, he only managed to crash 25 computers before the company was informed of the attack by concerned customers. Earlier this year, Everett pleaded guilty to computer hacking charges and now faces 10 years in prison.

Clearly, corporations must begin to proactively protect themselves against insider cybercrime.

Minimizing and Preventing Insider Threats

Because insiders have a higher level of data access, data theft by insiders tends to have greater impact. That could mean greater financial risk to corporations, especially when combined with today’s plummeting economy.

Consequently, it is imperative that corporations implement best practices to prevent or at least minimize potential cyberattacks by disgruntled former employees.

Although several years old, a Carnegie Mellon University report titled The Common Sense Guide to Prevention and Detection of Insider Threats (PDF) is still a valuable resource. The paper describes each practice briefly, explains why it should be implemented, and offers one or more case studies illustrating what could happen if it is not implemented.

Summary of Best Practices for the Prevention and Detection of Insider Threats

  1. Institute periodic enterprise-wide risk assessment
  2. Institute periodic security awareness training for all employees
  3. Enforce separation of duties and least privilege
  4. Implement strict password and account management policies and practices
  5. Log, monitor, and audit employee online actions
  6. Use extra caution with system administrators and privileged users
  7. Actively defend against malicious code
  8. Use layered defense against remote attacks
  9. Monitor and respond to suspicious or disruptive behavior
  10. Deactivate computer access following termination
  11. Collect and save data for use in investigations
  12. Implement secure backup and recovery processes
  13. Clearly document insider threat controls
