While Halloween only comes around once a year, there are some truly frightful security mishaps occurring on a daily basis. Some of these mishaps have made headline news, while others were too terrifying to share... until now.
Just in time for Halloween, renowned cyber security expert and SANS Faculty Fellow, Dr. Eric Cole, shares three horrific tales of hideous human behavior which he has personally witnessed and lived to tell! Warning: What you are about to read is real.
Ghosts of Employees Past
Consider this frightening tale. When performing a routine security assessment for an organization, it was discovered that more than 145 accounts of employees who no longer worked for the organization were still active. GASP! Even scarier, when looking for possible activity on these accounts it was discovered that 17 of them were still actively being used. You can imagine the horror, but it gets worse.
After approaching HR to find out if there was anything special about these accounts it was revealed that seven of the 17 people who were actively using their old accounts were fired five months earlier for stealing information about the company and giving it to a competitor. Talk about a nightmare! Fire an employee for stealing, take away their badge but forget to cut off account access, only to learn they continue stealing from the organization even after termination. Now, that is terrifying!
If you don't have goose bumps yet, this global tale will likely raise a hair or two. A large US manufacturing organization with state-of-the-art industrial technology was under constant attack by the Chinese. Every four to six weeks for several years this grotesque scene continued to play out. These compromises wreaked havoc within the manufacturing organization's security environment. Yet despite the disturbing efforts of the Chinese hackers, the company was able to keep its technology a secret. However, for some mysterious reason (OK, because of costs), the executive team decided to move all of its US manufacturing and production to... China. GASP! The security team was left screaming in horror as their worst nightmare came true. Despite being able to successfully fend off the attacks over a three-year period while located in the US, within just two years after moving overseas the Chinese hackers were able to successfully infiltrate. As if this story couldn't get any more horrific, it didn't take long for them to develop a competing product which outsold the US company's product. The US company was forced to close its Chinese operations, as it was unable to compete. While the US manufacturing company is still in business today, its product line went from a billion-dollar product line to a mere million-dollar product line. How's that for a gruesome tale?
Sign up for CIO Asia eNewsletters.