Beware the ‘angry IT worker’
7 May 2015
Businesses need to be aware of the growing threat of data breaches carried out by employees with detailed IT knowledge and admin access to systems, according to one security expert.
‘Insider threat’ attacks are becoming increasingly common, and such an attack is likely to have been the cause of the widely publicised Sony data breach last year, according to Bill Buchanan, professor in the School of Computing, Edinburgh Napier University.
Buchanan has prepared an analysis of 26 million files that were released following the Sony incident. The analysis backs claims from the wider security industry that a Sony employee helped circumvent the company’s firewall and raid its data, and that the breach was not a state-sponsored attack by North Korea. He will present the findings in full at an IDG and Fortinet event in London on 14 May.
Buchanan warns that all businesses should be more prepared for such an attack.
“A person who is working in security operations can actually be involved on the darker side,” said Buchanan. “It is possible to have this job and then to take on another more adversarial role. If someone is disgruntled — if they are fired from their position or don’t feel like they are being rewarded — and they still hold the administrator user name and password, they can still do some considerable damage to the organisation.
“Many companies need to understand that when they sack someone who has been working in IT, they need to make sure that their rights are revoked straight away.”
With targeted attacks from both external and internal actors on the rise, all firms need to plan how to prevent breaches.
One method is greater awareness of a company’s public perception — Buchanan claims that the Sony hack in particular can possibly be traced back to the company’s 2011 legal case against hacker George Hotz.
“There is a long line of breaches that have happened with Sony, and you can actually trace the current problems around the large scale data loss from some of the problems that occurred around the time that they tried to sue George Hotz,” he said.
Improved internal security practices are also key to preventing data breaches. “External threats can normally be dealt with using security infrastructure — firewalls and so on. But someone who is sitting in your company probably has trusted access to a whole range of things, especially if they have administrator rights,” he said.
“The lesson is obviously to start to understand that very little data is actually ever deleted from a network, especially as we move towards the cloud.
“Every [communication] that we have, every single event that has been created on the network is recorded probably forever, so it is not too difficult if someone [gets access] to the data on the site to be able to record back events. Increasingly companies need to be using encryption to both protect sensitive information and possibly to destroy it when it is not used anymore.”
IDG News Service