…how often companies botch the termination process for an employee with “destroy the network access” and are then shocked, shocked I tells ya, when the network, is in fact, destroyed. This week’s episode is especially chock full of security fail… Network administrator dude resigns from company over a dispute with a senior manager. His former manager (and close friend) convinces company to keep said dude on as a consultant due to his deep knowledge of said company’s networks (FAIL!!!). Fast forward a few months… the manager/friend now finds out that *he* is about to be laid off. He refuses to hand over some passwords and his buddy logs in using valid credentials from a local McDonalds and deletes a bunch of VMs… according to a story on Wired’s Threat Level Blog…
“The Feb. 3 attack effectively froze Shionogi’s operations for a number of days, leaving company employees unable to ship product, to cut checks, or even to communicate via e-mail,” according to the complaint filed against him, which asserted that the hack cost Shionogi about $300,000. That figure rose to $800,000 in later court documents.
Really, really basic controls broke down here… if someone with “destroy the network access” is upset enough to leave the company (especially in a crappy economy like we are in now) – show them the freaking door and cut all of their access before it hits them in the ass on the way out! And don’t allow vital knowledge to accumulate in one person’s head, making them irreplaceable. Finally, make sure that there are checks and balances in the termination process to insure that these steps are completed quickly and properly. This is infosec 101, people!
RSS - Posts