Can Insider Cybercrime Happen to You?
Effective information technology management helps lessen the risk.
A database administrator spent four productive years at her job, earning promotions and commendations for her expertise and hard work. But then, she ran into trouble with a male supervisor. She complained repeatedly to her company's human resources department, saying the supervisor had made sexual remarks, overridden her technical decisions—although he had little database expertise—and contacted outside contractors about her projects without her knowledge. Human resources took no action. Meanwhile, the male supervisor filed negative performance reviews, and the DBA was demoted.
More than a year after filing her first complaint, she took a job at another company. It looked like the episode would pass into history—leaving nothing but unpleasant memories.
Only it wasn't over. Two months after starting her new job, the DBA learned that only her bad performance reviews—not the accolades she'd earned over the years—had been forwarded to her new employer. She was furious and wanted to strike back. And, because of her technical skills, she knew just how to do so.
At her old job, she'd used a shared DBA account, and although the IT staff had terminated her own account when she left, they had failed to change the password on the shared account. She now used that account to get back into her former employer's system, access the database, and delete critical spaces—rendering it useless.
The sabotage was traced to the DBA in question, who was arrested, sentenced to five months in prison, and ordered to pay restitution of US$35,000. But this was little consolation to her former bosses. Unfortunately for them, the company had been having backup problems at the time of her attack, and its most recent database backup was two weeks out-of-date. It took 115 employees a total of 1,800 hours to retrieve and reenter the lost data.
Incidents like these are why many companies are beginning to pay closer attention to the growing threat of insider cybercrime—electronic or computer-based theft, fraud, or sabotage committed by current or former employees. In the 2006 E-Crime Watch Survey, conducted by CSO Magazine, the U.S. Secret Service, the CERT (Computer Emergency Response Team) Coordination Center at Carnegie Mellon University, and Microsoft, 55 percent of responding executives reported at least one insider cyberattack in the previous year, up from 39 percent in the 2005 survey. And 28 percent cited current or former employees as the top threat to their organization's cybersecurity.