There are few things in life that aggravate me more than people blatantly abusing IT access privileges that have been granted them by their employers. I think this presses my buttons even more than an unauthorized intrusion by a hacker or cybercriminal. Now, don’t get me wrong. Both scenarios can add up to a nightmare, and often times the financial impact of an external attack on a company is far worse than an “inside job.” But in the latter case, I think it’s the violation of trust that gets me most upset.
There have been many notable and well-publicized incidents that you may have heard about. Like the one about Jessica Quitugua Sabatia, a former accounts payable clerk for North Bay Health Care Group, who admitted to using her computer to access North Bay’s accounting software without authorization, and in turn issued various checks payable to herself and others. The fraudulent scheme resulted in losses to North Bay of at least $875,035.
Then there’s the more recent case of Lawrence R. Marino, who admitted that he repeatedly hacked into the computer systems of his former employer, OneSky Jets, a charter flight services company. According to the criminal information, while employed at OneSky, Marino acquired other employees’ log-in credentials for their OneSky email accounts. After Marinos’ employment at OneSky was terminated, he began working for a competitor private jet company and repeatedly accessed the email accounts of OneSky employees to obtain information about OneSky’s existing and prospective customers. Marino also hacked into OneSky’s computer system and obtained a copy of a database with tens of thousands of customer names and other information. According to the court document, Marino used this illegally-obtained customer information to then solicit new customers on behalf of his new employer.
Not As Rare As We'd Like To Think
Stuff like this happens all the time. One visit to http://www.cybercrime.gov/ will open your eyes to the cases where people are actually caught. The sad truth is that there are many more situations where people are getting away with their misdeeds, because the proper prevention and/or detection systems are not in place.
It is crucial that every business with a network, no matter the size, regularly analyze its potential vulnerabilities with a simple network assessment scan handled by a qualified network technician– at least quarterly.
Okay, I shared a few horror stories. What’s your worst network access nightmare?