“When you are in a small boat, you can see who’s paddling hard and who’s looking around.”
- Ev Williams
An ex-Cisco engineer broke into Cisco systems without the company’s permission. The incident occurred five months after he resigned from his position as an engineer at Cisco.
During his unauthorised access, he admitted that he deployed a malicious code from his Google Cloud Project account that resulted in the deletion of 456 virtual machines for Cisco’s WebEx Teams application, which provided video meetings, video messaging, file sharing and other collaboration tools.
As a result of this incident, the 16,000 WebEx Teams accounts were shut down for up to two weeks, which caused Cisco to spend approximately $1.4 million to restore the damage to the application and refund over $1 million to affected customers.
The incident points to a serious insider threat security concern for organisations, specifically to those employees who have left the organisation in “bad terms”.
The Covid-19 pandemic is triggering layoffs in nearly every business sector. In the US, more than 1 million Americans continue to apply for jobless benefits every week.
Many countries have placed severe lockdown on businesses. In Australia, Victoria State has been locked down for over two months.
Call it realism or pessimism, but many businesses won’t survive and not just because of the mass shutdowns.
As companies lay off thousands of people, they put themselves at risk of losing critical data because former employees can walk out the door with sensitive customer information and private records.
Tough times require harsh measures, and layoffs are one of them. Yet many organisations make matters even worse by handling layoffs poorly without realising the potential consequences.
Data Exfiltration: When employees are laid off, the relationship between the employee and the organisation can be soured. This could motivate them to take data with them.
Data Loss: When employees are laid off, they can take it too personally and vent their anger and disgruntlement. If the former employee still has access to systems as well as data, they could intentionally delete or damage files they know to be critical to the business, often referred to as “sabotage”.
Data Leak: When employees are laid off, they could accidentally leak sensitive data that they have access to as a result of their negative and emotional state that they find themselves.
To prepare for an employee departure, organisations must address several areas before the employee’s last day.
A terminated checklist can help you track the various steps an employee needs to complete. The checklist can include the following:
Important: Apart from the checklist, most insiders steal IP within 30 days of leaving an organisation. You should therefore consider a more targeted monitoring strategy for employees and contractors when they give notice of their exit. The time frame should encompass 60-day window - 30 days before turning in their resignation and 30 days after.
This review should include email or any other online activities to ensure that the employee has not emailed sensitive company data outside the organisation
Are you interested in identifying risky behaviour by your employees or other trust partners?
We can provide you with the visibility and insights you need to fully understand how users interact with company data.
Now, with an Insider Threat Assessment, we can provide you with insights in a limited 30-day engagement and get one report assessing your organisation and its most significant risks.
What is the process?
100% of Threat Assessments find some form of undetected, unaddressed security threat. Find out what's really happening in your organisation.