
I just finished reading a post on The Register describing an incident where an employee of Steven E. Hutchins Architects, a firm in Jacksonville, Florida, went on what was described as a "silent rampage" when she deleted seven years of drawings, worth an estimated $2.5 million, from the firm's server. The full story was reported in the First Coast News and can be read here.
Apparently, the employee had come across an advertisement for a job at the firm that sounded remarkably similar to her position. Assuming she was about to be terminated, she opted for a pre-emptive strike, got into the firm after hours and spent several hours deleting the files.
The frightening part about the story is how simple it was for her to delete the files. She used her own credentials to access the server and delete the files, but it sounds as if her position as an administrative assistant wouldn't have merited the "carte blanche" access to these files. Unless she was actually producing the drawings, I would normally assume she would have read-only access to the files at best.
The other part of the story that made me wince is that the owner of the firm had to pay for the recovery of the files. This means they didn't use any sort of data backup! I can't believe in this day and age that anyone would take a risk like that. I mean, who can predict an employee doing that kind of damage, but surely they must realize that anything electromechanical, including their server, is bound to eventually fail, and where would they be then? So, just some basic security rules surrounding access that would be applicable:
- Employ physical access controls to govern who has access to the workspace during and after hours
- Place the server equipment in a secure and environmentally controlled space
- Institute a policy to limit the ability of personnel to log on to the network after hours
- Define and assign permissions on directories/files only as needs dictate
- When an employee is terminated, disable their account(s) immediately
- Implement a backup procedure, even if it is as simple as copying data to optical disk and storing the copies in a locked space or, better yet, offsite
Did I miss anything? If so, feel free to chime in. I've always heard that the majority of security breaches are the result of action by an employee rather than an anonymous hacker and that certainly was the case here.
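
As an added example (not part of the original post), here is one way to check the "permissions only as needs dictate" rule, assuming the drawings live on a POSIX file server. The share layout, file names and function names are constructed for illustration. It shows that marking files read-only does not prevent deletion when the containing directory is writable by the user's group.

```python
import os
import stat
import tempfile

def audit_tree(root):
    """Return sorted (relative_path, finding) pairs where non-owners can
    destroy data under root. Checks mode bits only; ACLs are not inspected."""
    findings = []
    for dirpath, _dirs, filenames in os.walk(root):
        mode = os.lstat(dirpath).st_mode
        rel = os.path.relpath(dirpath, root)
        # The sticky bit limits deletion to the owner of the entry or directory.
        sticky = bool(mode & stat.S_ISVTX)
        for who, w, x in (("group", stat.S_IWGRP, stat.S_IXGRP),
                          ("other", stat.S_IWOTH, stat.S_IXOTH)):
            # Removing an entry needs write+search on the directory;
            # the file's own mode bits are not consulted.
            if mode & w and mode & x and not sticky:
                findings.append((rel, f"{who} can delete entries"))
        for name in filenames:
            st = os.lstat(os.path.join(dirpath, name))
            if not stat.S_ISREG(st.st_mode):
                continue
            relf = os.path.normpath(os.path.join(rel, name))
            for who, w in (("group", stat.S_IWGRP), ("other", stat.S_IWOTH)):
                if st.st_mode & w:
                    findings.append((relf, f"{who} can overwrite"))
    return sorted(findings)

def build_sample_share(base):
    """Constructed sample: read-only drawings, one group-writable directory."""
    for sub, name, dmode in (("drawings", "plan_a.dwg", 0o775),
                             ("archive", "plan_old.dwg", 0o755)):
        d = os.path.join(base, sub)
        os.mkdir(d)
        path = os.path.join(d, name)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(path, 0o444)   # file is read-only for everyone
        os.chmod(d, dmode)      # but the directory mode decides deletion
    os.chmod(base, 0o755)
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for path, finding in audit_tree(build_sample_share(tmp)):
            print(f"{path}: {finding}")
```
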