Employees Are The Biggest Security Threat
blankmange writes "BBC News is reporting that the employees of a company pose the biggest threat to security. "Digital cameras, MP3 players and handheld computers could be the tools that disgruntled UK employees use to sabotage computer systems or steal vital data, warn security experts. The removable memory cards inside the devices could be used to bring in software that looks for vulnerabilities on a company's internal network. The innocent-looking devices could also be used to smuggle out confidential or sensitive information." Unfortunately, this is not news, but it is amazing how slowly the general public, corporations included, comes around on issues like these."
Like I said in one of my previous posts on the subject (that I cannot find now for the life of me!), the company that I work for is already very wary of its data and the "toys" people bring into the office. And now thanks to those keychain-sized USB drives, every guest has his keychain checked before he enters, and has to empty his pockets. Of course, you could still sneak one in, anything is possible as we aren't going to be implementing strip searches anytime soon. ;)
In the meantime, we keep all the sensitive data as locked down as possible, and hope for the best. I suppose in the end it is just part of human nature; even the most honest, trustworthy of people will steal from you if given the right motivation. Caring managers and a good working environment go a long way to prevent theft (and general unhappiness/turnover!), perhaps even more so than good security personnel.
Oh yes, we should definitely come around on issues where the 'biggest threat' is from the people with the 'inside track'. There's no better way to raise a generation of folx free from the confines of ethics and responsibility .. where anything that they can do technically and physically must be AOK, or else it would be impossible to do it.
You really have to be kidding me here. If your employees are truly taking their time to use their mp3 players to screw your business, you have more pressing concerns than the 'vulnerability' of the systems from the people who built them.
I suppose since most premeditated murders happen between people who know each other, we'd better wake up and start hiring personal bodyguards to protect us from our loved ones too!
"Old man yells at systemd"
Another cause is common stupidity / ignorance. My wife works in a bank. Last year this bank interrogated two employees regarding theft of quite a large sum of money. It turned out to be one of their colleagues, who used their terminals to make a few transactions. Those two wrongfully accused employees had a habit of not logging out or locking their terminal when leaving the desk. Cases like this make you wonder how often does this happen in other companies?
We had a SW Architect who was really anything but. He WAS a great salesman and was able to BS his way out of trouble for ~2 years before they tossed his butt out. When he left, I had been there for ~6 months. In that time, he had burned roughly 150 CDs, he said for backup of our project (our TOTAL source was less than 2 floppies). He also password protected all of his PCs (forcing us to remove the BIOS battery).
Further, on the server, about 7GB of a 13GB HDD was of a format not recognized by the Mandrake installer. The only thing I could think of was that it was encrypted. Who knows what data was taken or what was on that partition. We reported what we saw and re-formatted...
Add another 4 months. They fired this guy but didn't revoke his user/pass. So he manages to find a server with telnet exposed to the internet and "hack in" (using his still working user/pass). He then proceeds to go to every server he can find and rm -rf on every directory where he has access. They ended up rebuilding 3 Sun boxes.
No charges in either case.
Computer Science is Applied Philosophy
In my much younger days, back in the 70s, I worked on a loading dock of a department store. They had a guard there at all times making sure we didn't toss some merchandise into the back of a truck.
We worked our asses off for minimum wage (back in the 70s when jobs were REAL hard to come by). The joint treated us like slaves. They even removed the chairs where we wrote up the paperwork and installed a table at standing height. Some manager was concerned we were taking too long to write up paperwork. We also in the beginning got two 15 minute breaks a day and then they took one of them away.
So they started having a huge problem with shrinkage out of the stock room. The more they clamped down, the more stock just disappeared. They "doubled the guard" and rotated out the old one and still the shrinkage continued.
What they weren't guarding was the trash compactor. They'd be pissing off employees so bad that some would go and grab a $500 stereo (our fulltime take home pay was $77/week) and toss it into the trash compactor and hit CRUSH. A shitload of merchandise went into that thing...
Oh, and for the record, the company was Almart, they went out of business in the 80s, I never did anything like that (didn't have the balls). I eventually got fired, but not for that. I got fired for trying to get the UFCW union to represent the employees and the stupid idiots voted it down. Just as well though, since the store went "tits up" three years later. If the union got in there, they'd be blaming the union for them going out of business...