We work hard to protect our corporate networks from external threats but any security consultant will tell you that the average corporate network is far more at risk of coming to harm by internal hackers than external. Last month, it emerged that an ex-employee of Dallas-based Energy Future Holdings allegedly hacked into the Texas power company’s network and emailed proprietary information to a personal Yahoo account, and modified and deleted files. The intrusion cost the company’s energy forecast system more than $26,000 for a day in March, reports Wired.com.
And almost a year ago, city employee Terry Childs was arrested on four counts of computer tampering with the City of San Francisco’s multimillion-dollar FiberWAN, which holds much of San Francisco’s key records. Childs, who built and administered the network refused to hand over passwords to the network, effectively putting the city on lock-down.
The Texas and San Francisco cases are extreme examples of insider threats. Dong Chul Shin, the former Energy Future Holdings employee had been fired from the company the day he allegedly used his login details to access the corporate network, while San Francisco’s Childs had apparently placed sniffers on the network and discovered that his job was in jeopardy.
Such instances could happen again. A recent survey of 125 companies polled by SailPoint found that 57% of companies lack the transparency needed to prevent insider threats, and only 14% of organizations felt they have adequate controls in place to address the risk of insider threats. Some 17% said that they felt very concerned, and that “It was just a matter of time” before corporate security was compromised.
Although Shin was terminated from his employment he was still able to gain access to the corporate VPN later that day. This oversight is apparently all too common. A full 42% of respondents to the SailPoint survey said they do not have the ability to immediately remove access privileges after a massive layoff. (A full 40% of respondents said their organization had undergone a significant layoff in the last six months.)
So it appears that network monitoring could play a vital role here in mitigating any damages from insider tampering.