Insiders Are The Gateway Of Risk

Example: Brazen Airport Computer Theft Has Anti-Terror Fighters Up In Arms

What happened?

On the night of Wednesday, Aug. 27, 2003, two men dressed as computer technicians and carrying tool bags entered the cargo processing and intelligence centre at Sydney International Airport. The men presented themselves to the security desk as technicians sent by Electronic Data Systems, the outsourced customs computer services provider which regularly sent people to work on computers after normal office hours.

After supplying false names and signatures, they were given access to the top-security mainframe room. They knew the room’s location, so no directions were needed.

Inside, they spent two hours disconnecting two computers, which they put on trolleys and wheeled out of the room, past the security desk, into the lift and out of the building.

What were the consequences?

Customs officers claimed that the two mainframe servers held thousands of confidential files, including top-secret communications between customs investigators and the AFP and ASIO. The officers believed the thieves had insider information because they knew how to bypass security, how to identify themselves and where to go, and that the mainframe room was regularly entered after hours for maintenance.

Example: Man Bribed AT&T Employees To Install Malware On The Company’s Network

What happened?

Using Facebook to communicate with AT&T employees, the insider promised large payments of money if call centre employees agreed to unlock phones so they could be sold and used outside of AT&T’s network.

The insider paid more than $1 million in bribes to AT&T employees in the mid-2010s.

The scheme lasted only for a few months, until AT&T implemented a new phone unlocking procedure, and call centre employees who had been bribed either left or were fired.

The insider then bribed another employee to install malware inside AT&T’s Bothell call centre in Washington. The company realised something was wrong when engineers detected a large number of phone unlocking operations from Bothell.

An internal investigation ended with AT&T firing the employees involved and suing them over accusations of installing malware on its network. The investigation also unearthed the connection between the fired employees and the SwiftUnlocks website.

What were the consequences?

The man who bribed AT&T employees to install malware on the company’s internal network was sentenced to 12 years in prison after he illegally unlocked more than 1.9 million phones, causing the U.S. telco to lose in excess of $201 million.

Dealing With Insider Risk

Hopefully by now, you understand that your people are a gateway of risk. When employees leave your organisation, whether permanently or just going home for the evening, there is a risk that they could take, share, divulge or inadvertently open a path for your high-value assets to be harmed. While no organisation can operate successfully without people, people can swiftly become a liability because of their dynamic and mobile nature.

Some questions you need to ask are:

  • How do you shield your high-value assets more effectively?
  • What level of visibility do you have into your trusted business partners’ actions?
  • What visibility do you have of your data? Does it belong to someone else?
  • What unauthorised doors have been created into your organisational network?
  • How well do you offboard departing employees, so that your high-value assets don’t walk out of the door?