Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Prevent internal IT sabotage

Todd R. Weiss | March 5, 2013
Preventing external attacks to IT systems is a huge and critical task for most companies, but what are businesses doing to stop similar attacks when they come from within? That's a question that more companies should be asking themselves as internal IT sabotage cases regularly hit businesses hard, causing big monetary losses and often knocking companies offline for days or weeks.

In the Shionogi case, Cornish had resigned after an ongoing dispute, but the company hired him back as a contractor so he could finish a project for them, according to IDGNS. That might have been a fatal mistake, Walls says.

"I worry about an organisation that says 'we don't like what this guy is doing so we're going to turn him into a contractor and then allow him to keep access,'" Walls says. "If someone can't be trusted, they shouldn't have access to your environment. What happened here to enable this to go on was that their user provisioning lifecycle was not handled well. If your system is so complicated that you cannot replace one member of your team quickly, then you have a bigger problem."

One simple way to help prevent such problems, Walls says, is for business executives and the IT staff to actually get to know each other better so they work as a team and not as separate worlds.

"The business manager needs to have personal relationship with their IT managers and know them on a first name basis," Walls says. "They need to talk with them regularly. A business needs to know when an IT person is going off the rails and the only way to do that is to have personal relationships and know each other. IT people shouldn't be treated as a 'geek squad' at a separate table but as part of the company and part of the team."



Previous Page  1  2  3 

Sign up for CIO Asia eNewsletters.