How To Prevent IT Sabotage Inside Your Company

Recent cases of IT workers who turn against their companies and destructively shut down networks for days provide lessons for how businesses can work to prevent similar attacks.

By Todd R. Weiss
Fri, August 19, 2011

CIO — Preventing external attacks on IT systems is a huge and critical task for most companies, but what are businesses doing to stop similar attacks when they come from within? That's a question more companies should be asking themselves, as internal IT sabotage cases regularly hit businesses hard, causing big monetary losses and often knocking companies offline for days or weeks.

Earlier this week, a 37-year-old former IT staff member for the U.S. subsidiary of Japanese drug company Shionogi pleaded guilty to remotely infiltrating and sabotaging the company's IT infrastructure this past February. The sabotage scrambled the company's operations for days and cost Shionogi more than $800,000 in damages, according to IDG News Service.

The former employee, Jason Cornish, logged in to the network using a hidden virtual server he had previously created, then wiped out the company's virtual servers one by one, taking out e-mail, order tracking, financial and other services, according to IDGNS and court filings. IDGNS also reported that Cornish's former boss at Shionogi refused to turn over network passwords and was eventually fired.

IT security analysts say that incidents like this should be clear reminders that companies need to be working harder to fight back against such attacks on a regular basis using basic security steps and common sense. It is key to remember that intrusion threats can come from within your corporate walls at any time, not just from outside your firewalls.

"The thing to do is to try to separate the duties out so that anything that happens would require collusion between more than one person to perpetuate fraud or do damage," says Pete Lindstrom, an analyst with Spire Security. "The way you separate this is to have proactive steps and a logging or monitoring system that will record activity to other systems. It generates their tracks."

The challenge, Lindstrom says, is that IT insiders are often experts in their departments and they know how to work around such protections. "At this stage, it's a tricky game. A really clever attacker can do a lot to hide himself."

In addition to maintaining a separation of duties, it is important to really know who your company is hiring to take on critical IT tasks. "Certainly you should be doing background checks," Lindstrom says. "If you knowingly hire someone who has a history of hacking, that's a risk you need to know about."
