How To Prevent IT Sabotage Inside Your Company
By Todd R. Weiss, CIO.com 22-Aug-2011
Preventing external attacks to IT systems is a huge and critical task for most companies, but what are businesses doing to stop similar attacks when they come from within? That's a question that more companies should be asking themselves as internal IT sabotage cases regularly hit businesses hard, causing big monetary losses and often knocking companies offline for days or weeks.
Last week, a 37-year-old former IT staff member for the U.S. subsidiary of Japanese drug company, Shionogi, pleaded guilty to remotely infiltrating and sabotaging the company's IT infrastructure this past February. The damage scrambled the company's operations for days and cost Shionogi more than $800,000 in damages, according to IDG News Service.
The former employee, Jason Cornish, logged in to the network using a hidden virtual server he had previously created, then wiped out the company's virtual servers one by one, taking out e-mail, order tracking, financial and other services, according to IDGNS and court filings. IDGNS also reported that Cronish's former boss at Shionogi refused to turn over network passwords and was eventually fired.
IT security analysts said that incidents like this should be clear reminders that companies need to be working harder to fight back against such attacks on a regular basis using basic security steps and common sense. It is key to remember that intrusion threats can come from within your corporate walls at any time, not just from outside your firewalls.
"The thing to do is to try to separate the duties out so that anything that happens would require collusion between more than one person to perpetuate fraud or do damage," said Pete Lindstrom, an analyst with Spire Security. "The way you separate this is to have proactive steps and a logging or monitoring system that will record activity to other systems. It generates their tracks."
The challenge, Lindstrom said, is that IT insiders are often experts in their departments and they know how to work around such protections. "At this stage, it's a tricky game. A really clever attacker can do a lot to hide himself."
In addition to maintaining a separation of duties, it is important to really know who your company is hiring to take on critical IT tasks. "Certainly you should be doing background checks," Lindstrom said. "If you knowingly hire someone who has a history of hacking that's a risk you need to know about."
Companies should also work hard to limit the use of IT administrator accounts that are shared between several people, he said. "It's where you can run into problems," Lindstrom said. "You should try to minimize that. Try to convince administrators that they don't really want the responsibility of all this access because every cop knows that every crime is an inside job and if something happens, they'll be an early suspect."