Most companies are "ill-prepared for an onslaught which could prove calamitous" and face "the greatest security threat of our times" from laid-off workers who are "extremely dangerous," say members of a global security-response team. In these dark days, stealing data's old hat; the new threats include tampering with billing systems, changing customer orders, and altering design documents. For you CIOs out there, are you aware of this? If so, have you taken all necessary precautions? If not, what explanation do you plan to use if you get hit and your CEO calls you in and asks how in the name of heaven this could have happened?
Trying to highlight the enormous risk enterprises are facing as hundreds of thousands of white-collar workers lose their jobs, the Forum of Incident Response and Security Teams (FIRST) has issued a "Scared Straight"-style press release in advance of a global meeting in Japan next month, writes my colleague Tim Wilson at our excellent Dark Reading security site.
What struck me about the tone of the comments from FIRST members and other security experts interviewed by Wilson was the consistency in their levels of concern that most organizations are simply doing nothing to prevent what could be some disastrous disruptions and/or corruptions of their operations. And again, they said next to nothing about the threats from organized-crime rings and other external malicious hackers - instead, the entire focus of this latest round of alarms was the huge swath of office workers who've been laid off or fear they are about to be, and don't want to go quietly into unemployment. Writes Wilson:
"One of the greatest security threats of our times is from insiders, as organizations lay off tens of thousands of workers," said Scott McIntyre, a FIRST steering committee member and representative of the Netherlands-based KPN Computer Emergency Response Team (CERT). "People know the axe is coming, and the longer employers prolong the swing of that axe, the more danger they expose themselves to, either from sabotage or data theft. An employee who thinks he or she is [going to be laid off] can start fouling up systems which are critical to the organization, or decide to take an unauthorized pay-off by stealing a mass of data."
But as bad as data theft can be, it gets worse. This new wave of insider threat is also expected to include code-level attempts to sabotage billing systems, product-design systems, customer-ordering systems, and more. Outlining the concerns of FIRST steering committee chair Derrick Scholl, Wilson offers this:
"Sure, an insider is capable of stealing corporate secrets, or customer lists, or destroying computers, but their potential for harm is far worse," [Scholl] states. "Imagine a software company where an insider has the ability to change code in the product without being detected. What if the insider altered design documents or tampered with customer orders? Or ripped out hard drives and corrupted systems just as a big corporation was about to issue its quarterly bills to hundreds of thousands of customers? It's a totally different order of threat, and it requires a different way of thinking."
Wilson's article offers a range of suggestions for how companies can plan to mitigate these insider threats, and in spite of the global economic downturn that has gutted IT budgets, CIOs are going to have to find ways to devote the necessary people, dollars, and intensity to be as fully prepared as possible.