Secret Service: Inside Attacks Generally Launched By Problem Employees
The key indicator is a repeat "problem child" who continually argues with fellow employees, complains about salary or benefits, or is otherwise aggressive or hostile.
Brian Robak, a network security analyst at National Cooperative Bank, used to manage the company's help desk workers back when he was the LAN manager. Being a manager is never an easy chore, but there was one employee who generally made his job a nightmare.
Robak says he was reluctant to take the management position in the first place because of this one woman who was hired to lead the help desk. Far from being a leader, she was the epitome of the problem employee. She had a bad attitude, he says, and apparently felt no qualms about displaying it. Assigned the task of being a liaison with the users at the bank, Robak frequently had to deal with complaints that she would end a conversation with a user by cursing about them and slamming the phone down. The cursing part came while the user was still on the line.
Robak says the problems started about six months into her tenure at National Cooperative and she continued to work there for about another three years.
"She was a beast," he says. "And she was even worse to other technical people when she'd have to talk to them on the phone." Robak says she got into a screaming match with him over summer hours, loudly informing him that he wasn't the boss of her. The help desk manager's own boss had to come running to deal with the situation.
This behavior didn't get her fired, however. The bank had a policy of working with employees and trying really hard to iron out bad situations. They offered her free conflict-management counseling.
Ultimately, she was caught giving her friends in the bank higher levels of access than they were supposed to have. A domain administrator, the woman had full access to all of the bank's workstations and servers. She changed access rights for her pals, allowing them to bypass the Web proxy used to restrict access to objectionable Web sites. Ignoring company security policies, she even allowed her friends to download prohibited software, potentially opening the network up to virus and hacker attack.
The woman eventually left to take another job. "As her manager, I was genuinely concerned that she was putting our network in danger," says Robak, adding that late in her time at the bank he restricted her server access.
Robert Sica, special agent in charge at the U.S. Secret Service, would contend that the bank got off easy. It could have wound up going very badly, as it has in other situations, where a disgruntled insider has caused major systems or network damage.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.