Ex-Employee Hack Highlights Insider Risk

A network administrator recently pled guilty to sabotaging the systems of his former employer, a high-profile financial company.

According to a press release issued by the U.S. Department of Justice, Casey Umetsu admitted to redirecting web and email traffic through the company’s domain registrar shortly after severing ties with the company.

“Umetsu then prolonged the outage for several days by taking a variety of steps to keep the company locked out of the website,” states the release.

While the incident itself was likely inconvenient and costly for his former employer, it also stands as a near-perfect example of insider risk. Umetsu didn’t use any high-level hacking techniques or Hollywood-esque social engineering; he simply used a password that hadn’t been changed after his departure.

Employers have many reasons to be careful with access to credentials. Employees with high levels of access often leave their positions without having hardware reclaimed (or with sensitive data on personal devices). Credentials to networks are often highly sought after on dark web forums and can be bought, repackaged and sold to the highest bidder or bidders, making companies with disgruntled staff relatively easy targets.

Failure to properly account for these risk factors massively increases the attack surface of employers, and of their clients as well, in the form of supply chain risk.

Organizations and companies, especially those with access to sensitive information, are encouraged to regularly perform access audits as part of their cybersecurity strategy to ensure that former employees and contractors have their access privileges to resources revoked once they are no longer associated with the company. Resetting and updating passwords should be part of this process.
