Offering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »
Public Teleconferences
Join CIO Executive Council members and participate in the following live teleconferences:
* Planning for Succession:
Models for IT Leadership Development, June 23
* Change Leadership at General Growth Properties: A
Pathways Leadership Development Seminar, June 25
* Managing Change: Centralizing Your IT Organization
July 29
Apply today for a FREE subscription to CIO Magazine!
News Feature
Insiders Are the Biggest Security Threat
June 01, 2002 — CIO — When John Michael Sullivan moved to Charlotte, N.C., to help develop a mobile computer program for Lance Inc., he hung up an old plaque. Inscribed "Dr. Crime’s Terminal of Doom," the memento celebrated Sullivan’s youthful love of the movie Indiana Jones and the Temple of Doom?and his reputation as a computer hacker who went by the handle Dr. Crime.
"I was a hacker long before being a hacker was cool," Sullivan wrote on a webpage the FBI later found on his hard drive, describing his affection for the plaque. "More than once I was accused (falsely?) of perpetrating acts of computer crime against various systems and agencies. But regardless if I did or didn’t, I never got caught.... And although I have ’settled in’ to a real job, Dr. Crime still lives...quietly, anonymously and discreet."
Or not. After Sullivan was demoted at snack-food maker Lance in May 1998, he planted a logic bomb. This malicious code, set to execute on Sept. 23, 1998, the anniversary of his hire date, would destroy part of the program being written for the handheld computers for Lance’s sales force. When the bomb went off?months after Sullivan had resigned?more than 700 salespeople who rove the Southeastern United States with truckloads of Captain’s Wafers, Cape Cod Potato Chips and Toastchee crackers couldn’t communicate electronically with headquarters for days, and Lance feared the attack might cost $1 million.
The evidence Dr. Crime left is unique, but the scenario? Hardly. Whether it’s sabotage or the theft of trade secrets, a growing number of companies are learning the hard way that their biggest security risks are on the inside. Employees, contractors, temps and other insiders are trusted users. They know how a company works, and they understand its weaknesses?and that gives the occasional bad apple a chance to really make things rotten.
Rather than handling the situation internally as something to cover up, as do many companies faced with insider crime, Lance decided to act. "We wanted to send the message that these types of actions were not accepted by senior management," said Rudy Gragnani, vice president of IS at the $583 million company, in an interview that his edgy legal department allowed him to conduct only via e-mail. "The livelihood of our sales representatives was being impacted, and we took this situation very seriously."
In April 2001, the then-40-year-old Sullivan?who also wrote on that webpage that he’d relocated from New York to North Carolina to give his family a better quality of life?was sentenced to two years in prison without parole and ordered to pay almost $200,000 restitution. He lost an appeal in February 2002.
War Gaming: Necessary Exercises
Encryption Made Easy: The Advantages of Identity Based Encryption
Messaging Security Goes Virtual
Regulations Shift Focus on Outbound Email Security
New 2008 Report: Outbound Email and Data Loss Prevention in Today"s Enterprise
Riverbed RiOS 4.0: Raising the Bar in Wide Area Data Services
The Great Email Security Debate: Appliances, SaaS, or Virtual?
Windows Mobile Series: Improving Mobile Security and Management Webcast
Solutions to the Toughest IT Challenges in Remote Offices Webcast
Get Control of Mobile Data (and More): Improve security and reduce costs with a mobility management platform (Video webcast)
The Universal Wireless Client: How to simplify mobility and reduce the cost of supporting mobile workers (Video webcast)
Advanced DNS and Traffic Management Solutions: The Keys to Enhancing and Securing your Enterprise Network
Resource Alerts
Get instant email notifications by topic when white papers, webcasts, and case studies are added to our library.
China Aims to Protect Olympic Content From Pirates
Samsung Puts 128G-Byte SSDs Into Mass Production
Symantec Warns of New Word Attack
VMware Replaces CEO, Shares Plummet
The Internet Gets a Patch, As DNS Bug is Fixed
Groups: Targeted Ad Program May Be Illegal
US Senate Resumes Debate on Surveillance Bill
Google Launches Blog for Sub-Sahara Africa
Adobe Readying New Mashup Tool for Business Users
Celtel Begins Financial Compensation Program
How To Do Nearly Anything
Just the basics, please. Sometimes we all need a refresher or we need to make sure our team and our colleagues are all on the same page.
Over 25 tutorials on everything from business intelligence to virtualization.
