Anthony further scared delegates with information that a Fannie Mae contract worker planted a rogue script designed to destroy the companys 4,000 servers nationwide. The employee was terminated, but he retained rights to the UNIX system where he planted the script. Cleaning up the mess cost the company more than US$20 million.
In the Heartland case, hackers gained access to the network and stole credit and debit card numbers as they were being processed. Administrators did not catch the activity in the log reports generated by their payment systems.
More than 100 million transactions, containing credit card numbers and IDs were accessed by the hackers and, if you think you are safe because you are not in the US, think again. Anyone in the world who used their credit card to make a purchase, say form a 7 Eleven outlet, could potentially have had their card details exposed.
Promptly cut access
Anthonys key point was that, terminated employees, sometimes with a chip on their shoulder, are mostly being allowed to walk out the door with thumb drives, CDs and even laptops full of sensitive data. And, they leave with their access codes working too, so they can happily pillage their former companies crown jewels at their leisure.
It doesnt take a genius to realise that once an employee is terminated, so should any access privileges they have. In fact, perhaps the access privileges should be cut just before they are asked to leave. Anthony told the seminar that at Novell, any terminated employees access is dead within two minutes of them departing perhaps a good model.
An heres the kicker to all this: another slide from Anthony showed a quote from a Verizon 2008 Data Breaches report which said: Evidence of events leading up to 82 per cent of data breaches was available to the organisation prior to actual compromise. Regardless of the particular type of event monitoring in use, the result was the same: information regarding the attack was neither noticed nor acted upon.
In other words, if they had proper systems in place, most victim organisations could have discovered the breaches before they happened.
I trust you benefit from this valuable insight and take Anthonys closing advice, which was to adopt a culture of compliance, identify critical systems and automate for event-based action'.
Ross O. Storey, currently the Managing Editor of Fairfax Business Media Asia, is responsible for the editorial content and production of MIS Asia, CIO Asia, Computerworld Singapore and Computerworld Malaysia magazines.
Sign up for Computerworld eNewsletters.