Wednesday, October 29, 2008

Virtual sabotage gets real

In Connecticut, a fired contract network administrator logged in to his former employer's servers from home and sabotaged core IT resources. Fortunately, he was caught and is being sentenced to prison, has been ordered to pay some restitution and may face additional fines from the court. But how does something like this happen in the first place?

Why didn't the firm immediately change administrator access credentials when the contract was terminated?

To me, that is the most obvious failure in the entire episode. Surely, we are not going to improve human nature. As society continues its downward spiral, we must continuously challenge the assumptions that underlie security strategy and execution. But even if the assumptions are sound, and if the policies are prudent, all of it relies upon execution.

Somewhere along the line, someone failed to execute the most basic and fundamental of security procedures. There is no excuse for this. We all make mistakes, of course, and the person who made that one should be held fully accountable.

When was the last time your firm conducted a security audit? Have you reviewed existing network accounts to verify that terminated users no longer have any access? Are your privileged accounts protected by additional security measures? Has anyone checked lately to see if those security measures are carried out?

Addressing these questions need not be expensive or intrusive.
Failing to address these questions can be catastrophic.
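The audit questions above can be turned into a short reconciliation script. The following is an added example, not part of the original post: the account names, dates and record fields are constructed, and "additional security measures" is assumed to mean an MFA flag in the directory export.

```python
from datetime import date

# Constructed sample data (not from the incident described above).
# TERMINATED: person -> last day of employment or contract, from HR records.
TERMINATED = {"jdoe": date(2008, 4, 1), "asmith": date(2008, 6, 15)}

def acct(user, enabled, privileged, mfa, last_login, pw_changed, known_by=()):
    return dict(user=user, enabled=enabled, privileged=privileged, mfa=mfa,
                last_login=last_login, pw_changed=pw_changed, known_by=known_by)

# ACCOUNTS: a directory export; known_by lists people (other than the owner)
# who were given the password of a shared account.
ACCOUNTS = [
    acct("jdoe", True, False, False, date(2008, 4, 20), date(2008, 1, 5)),
    acct("asmith", False, False, False, date(2008, 6, 10), date(2008, 3, 2)),
    acct("root-fw", True, True, False, date(2008, 4, 21), date(2008, 2, 1), ("jdoe", "bwong")),
    acct("dbadmin", True, True, True, date(2008, 7, 3), date(2008, 7, 1), ("asmith",)),
]

def audit(terminated, accounts):
    """Return (account, finding) pairs for the audit questions above."""
    findings = []
    for a in accounts:
        left = terminated.get(a["user"])
        if left is not None:
            if a["enabled"]:
                findings.append((a["user"], "ENABLED_AFTER_TERMINATION"))
            if a["last_login"] and a["last_login"] > left:
                findings.append((a["user"], "LOGIN_AFTER_TERMINATION"))
        # A shared credential must be changed after anyone who knew it leaves.
        # Same-day changes are flagged too: the date alone cannot show order.
        for person in a["known_by"]:
            gone = terminated.get(person)
            if gone is not None and a["pw_changed"] <= gone:
                findings.append((a["user"], f"NOT_ROTATED_SINCE_{person}_LEFT"))
        # Assumption: "additional security measures" is modelled as an MFA flag.
        if a["privileged"] and a["enabled"] and not a["mfa"]:
            findings.append((a["user"], "PRIVILEGED_NO_MFA"))
    return findings

if __name__ == "__main__":
    for account, finding in audit(TERMINATED, ACCOUNTS):
        print(f"{account:10} {finding}")
```

The shared-credential check is the one that matches this case: a personal account can be disabled, but an administrator password a departed contractor still knows has to be changed.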

News Story on CIO Magazine: Former Worker Sentenced
