Employees leaving by the door can come back through the window

A sysadmin in New York has just been sentenced to two years in prison for hacking his old company.

This sysadmin had been let go by his company in 2010, taking with him all of his credentials. Or maybe he remembered them, no one can prevent that. So after a few days, he logged back on his servers and installed backdoors to ensure easy access later on. Then, he downloaded data that he had worked on when he was still part of the company.

After all that, he ran scripts that were supposed to erase the logs for his actions. The scripts malfunctioned, and the ISP became unreachable for a week. More than 500 businesses and 5000 customers weren’t able to access their online services such as their website, their email etc… Lots of clients were lost, not to mention the company’s reputation took a heavy hit too.

Facing the “leaver” threat efficiently by proper access governance

It is a known fact today, most of the data leaks originate from inside the company. In this precise case, a former employee just logged in to retrieve data from the company that had just fired him. He did some damage when trying to cover his tracks, but he could have destroyed a lot more with the access he still had (deleting all the hosted sites, exposing servers to wild attackers by disabling the protective measures,…).

This story depicts one of the many threats that Brainwave GRC can reduce and monitor. An account remaining active after the employee has left the company should raise flags in the governance system, giving managers a chance to correct the anomaly quickly and easily.

Furthermore, in this story, the account belonged to a system administrator and should have been flagged as a “high privileges” account, given the authorizations it had to access the company’s critical assets.

Brainwave GRC’s added-value : using your own data to its full potential

By cross referencing HR data and applicative accounts, and reconciling these items, this negligence would have been easily highlighted.

Brainwave GRC automates your controls and generates reports on abnormal situations, such as active accounts belonging to leavers with the last login date, and the possibility to highlight contextual informations (organization, job title, manager etc). These abnormal situations can also be easily detected with the solution during access review and certification

Implementing processes for employees and contractors’ departures is conventional when an identity lifecycle management policy is in place, but checking these processes is an underestimated task, when it’s not completely ignored on the medium and long term.

Governance and continuous improvement will help you realize what is done wrong and what could be improved in your company, all this only by using your own data.