Beware the threat from within, says new warning about the hacking risk from unhappy employees
Companies are once again being warned about the security risks to their systems posed by unhappy employees and former members of staff.
The new warning from the FBI and the Department of Homeland Security (DHS) came in a public service notice issued on Tuesday, warning organisations that there has “been an increase in computer network exploitation and disruption by disgruntled and/or former employees.” It adds that organisations risk the theft of their proprietary information, and that staff are facilitating these attacks through cloud storage Web sites, such as Dropbox, and personal email accounts.
It warned that in many cases, former staff members continued to have access to the computer networks because they had installed unauthorised remote desktop protocol software before leaving the company.
Typical attacks have included attempts by disgruntled or former employees to extort their employer for financial gain. Often, these extortion cases have a financial impact on the organisation concerned, with the notice estimating that victim businesses incur significant costs ranging from $5,000 (£3,053) to $3m (£1.8m).
But attacks also include modifying and restricting access to company Websites, disabling content management systems, and conducting distributed denial of service attacks.
“The FBI and DHS assess that disgruntled and former employees pose a significant cyber threat to US businesses due to their authorized access to sensitive information and the networks businesses rely on,” the FBI and DHS’s note said.
“The exploitation of business networks and servers by disgruntled and/or former employees has resulted in several significant FBI investigations.”
It also warned that insiders tended to use their access to corporate systems to “destroy data, steal proprietary software, obtain customer information, purchase unauthorized goods and services using customer accounts, and gain a competitive edge at a new company.”
There are of course a number of obvious measures that organisations can undertake to minimise the risks posed by unhappy staff, or former employees. This includes regularly reviewing staff access and limiting their access to only the areas they need to do their job.
When a staff member leaves, his or her access should be terminated immediately. When IT personnel leave, all administrative passwords to servers and networks should also be changed. Organisations should ban the use of shared usernames and passwords for remote desktop protocols, and should not use the same login and password for multiple platforms, servers, or networks.
But there are other, less obvious practices that organisations should undertake. This includes letting third-party companies that provide technical support or email support know when an employee has left, so they cannot be duped into providing new access rights. Additionally, companies are advised to restrict access from corporate computers to cloud storage Web sites.
Staff should not be allowed to install unauthorised software on corporate computers, and daily backups should be maintained. Staff should also be required to change their passwords to corporate accounts regularly.
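Two of the checks above, reconciling the HR leaver list against still-enabled accounts and spotting a shared RDP credential in logon records, as an added Python example that is not from the FBI/DHS notice or this article; the roster, account list and RDP logon records are constructed sample data.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data for this example; none of it comes from the notice.
LEAVERS = {"jdoe": "2014-09-20", "asmith": "2014-09-22"}  # user -> last working day
ACCOUNTS = [
    {"user": "jdoe", "enabled": True, "admin": True},      # left, still enabled, was an admin
    {"user": "asmith", "enabled": False, "admin": False},  # left, correctly disabled
    {"user": "rdp-shared", "enabled": True, "admin": False},
    {"user": "bwong", "enabled": True, "admin": False},
]
# Constructed RDP logon records: (timestamp, account, source host).
RDP_LOGONS = [
    ("2014-09-23 08:02", "rdp-shared", "ws-11"),
    ("2014-09-23 08:09", "rdp-shared", "ws-27"),
    ("2014-09-23 08:15", "rdp-shared", "ws-40"),
    ("2014-09-23 09:00", "bwong", "ws-05"),
    ("2014-09-23 17:30", "bwong", "ws-05"),
]

def stale_leaver_accounts(accounts, leavers, as_of):
    """Departed users whose account is still enabled on or after their leaving date.
    Returns (user, was_admin): an enabled ex-admin also means admin passwords need rotating."""
    cutoff = datetime.strptime(as_of, "%Y-%m-%d")
    findings = []
    for acct in accounts:
        left = leavers.get(acct["user"])
        if left is None or not acct["enabled"]:
            continue
        if datetime.strptime(left, "%Y-%m-%d") <= cutoff:
            findings.append((acct["user"], acct["admin"]))
    return findings

def shared_account_candidates(logons, window_minutes=30, min_hosts=3):
    """Accounts that log on over RDP from at least min_hosts distinct hosts within one
    window: the pattern a shared username/password leaves in the logs."""
    by_user = defaultdict(list)
    for ts, user, host in logons:
        by_user[user].append((datetime.strptime(ts, "%Y-%m-%d %H:%M"), host))
    window = timedelta(minutes=window_minutes)
    flagged = set()
    for user, events in by_user.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            hosts = {h for t, h in events[i:] if t - start <= window}
            if len(hosts) >= min_hosts:
                flagged.add(user)
                break
    return sorted(flagged)
```

Run against a real directory export and RDP logon log, the first function feeds the offboarding review and the second the shared-credential ban.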
Warnings of this nature are nothing new. Last year, a study sponsored by security firm Vormetric found that most organisations do not block privileged users from access to sensitive data.
It also highlighted the fact that one of the biggest data breaches of all time occurred not by a malicious external actor, but by IT contractor Edward Snowden, who was able to take privileged information from the National Security Agency (NSA).