From Layoffs To Ripoffs: Wicked New Threats From Ex-Employees - InformationWeek

5/27/2009
04:56 PM
Bob Evans

Most companies are "ill-prepared for an onslaught which could prove calamitous" and face "the greatest security threat of our times" from laid-off workers who are "extremely dangerous," say members of a global security-response team. In these dark days, stealing data's old hat; the new threats include tampering with billing systems, changing customer orders, and altering design documents.

For you CIOs out there, are you aware of this? If so, have you taken all necessary precautions? If not, what explanation do you plan to use if you get hit and your CEO calls you in and asks how in the name of heaven this could have happened?

Trying to highlight the enormous risk enterprises are facing as hundreds of thousands of white-collar workers lose their jobs, the Forum of Incident Response and Security Teams (FIRST) has issued a "Scared Straight"-style press release in advance of a global meeting in Japan next month, writes my colleague Tim Wilson at our excellent Dark Reading security site.

What struck me about the tone of the comments from FIRST members and other security experts interviewed by Wilson was the consistency in their levels of concern that most organizations are simply doing nothing to prevent what could be some disastrous disruptions and/or corruptions of their operations. And again, they said next to nothing about the threats from organized-crime rings and other external malicious hackers - instead, the entire focus of this latest round of alarms was the huge swath of office workers who've been laid off or fear they are about to be, and don't want to go quietly into unemployment. Writes Wilson:

"One of the greatest security threats of our times is from insiders, as organizations lay off tens of thousands of workers," said Scott McIntyre, a FIRST steering committee member and representative of the Netherlands-based KPN Computer Emergency Response Team (CERT). "People know the axe is coming, and the longer employers prolong the swing of that axe, the more danger they expose themselves to, either from sabotage or data theft. An employee who thinks he or she is [going to be laid off] can start fouling up systems which are critical to the organization, or decide to take an unauthorized pay-off by stealing a mass of data."

But as bad as data theft can be, it gets worse. This new wave of insider threat is also expected to include code-level attempts to sabotage billing systems, product-design systems, customer-ordering systems, and more. Outlining the concerns of FIRST steering committee chair Derrick Scholl, Wilson offers this:

"Sure, an insider is capable of stealing corporate secrets, or customer lists, or destroying computers, but their potential for harm is far worse," [Scholl] states. "Imagine a software company where an insider has the ability to change code in the product without being detected. What if the insider altered design documents or tampered with customer orders? Or ripped out hard drives and corrupted systems just as a big corporation was about to issue its quarterly bills to hundreds of thousands of customers? It's a totally different order of threat, and it requires a different way of thinking."

Wilson's article offers a range of suggestions of how companies can make plans to mitigate these insider threats, and in spite of the global economic downturn that has gutted IT budgets, CIOs are going to have to find ways to devote the necessary people, dollars, and intensity to be as fully prepared as possible.
