Exploitation and disruption to business computer networks is on the increase according to investigations conducted by the Federal Bureau of Investigation (FBI) and the Department for Homeland Security (DHS) in the US.
In a public service announcement made this week, the FBI and DHS said that:
“disgruntled and former employees pose a significant threat to US businesses due to their authorized access to sensitive information and the networks businesses rely on”.
The exploitation of both networks and servers within organisations by disgruntled and/or former employees has prompted a number of major investigations by the FBI. These have involved individuals using their insider access to destroy company data, steal proprietary software, obtain information on customers (and in some cases using that information to purchase unauthorised products and/or services) and gain a competitive advantage for a rival company.
Typically, the FBI is investigating cases where individuals are accessing data stored on the cloud, in personal email accounts or where employees have installed remote desktop protocol software prior to leaving an organisation. In some cases, former employees have modified company websites and restricted access to the content management system (CMS).
The FBI estimates that these insider threats are costing organisations between $3,000 to $3,000,000 (£1,841 to £1,841,110).
A range of recommendations was included in the announcement:
- Conduct a regular review of employee access and terminate any account that individuals do not need to perform their daily job responsibilities
- Terminate all accounts associated with an employee or contractor immediately upon dismissal
- Change administrative passwords to servers and networks following the release of IT personnel
- Avoid using shared usernames and passwords for remote desktop protocol
- Do not use the same login and password for multiple platforms, servers, or networks
- Ensure third party service companies providing email or customer support know that an employee has been terminated
- Restrict Internet access on corporate computers to cloud storage websites
- Do not allow employees to download unauthorised remote login applications on corporate computers
- Maintain daily backups of all computer networks and servers
- Require employees change passwords to corporate accounts regularly (in many instances, default passwords are provided by IT staff and are never changed).
If your organisation runs on the IBM i, Raz-Lee Security has developed a suite of specialist tools for the operating system. Amongst other features, iSecurity includes infrastructure security solutions which:
- Protect network access
- Monitor and report on system activities
- Manage user-profiles and authorities
- Track software changes
For a free security assessment of your IBM i, contact us today.
Posted by Paul on 26th September 2014.