Those in IT departments and services see everything and have enormous power. Something to think about, right? They are the front line, the people who control your technology environment. They are system administrators and security engineers that are entrusted to be the gatekeepers, the watchmen and women, the guardians. The expectations are that they will protect and serve companies to safeguard the wall of protection from outside attacks. But what about what's happening on the inside? This is where many c-level executives take their eye off the ball and where risk management and the insider threat can come into play.
C-levels are often laser focused on the perimeter, building a fortress of virtual steel walls to keep out external threats. However, they don’t consider what could be happening on the inside, right under their noses. Make no mistake: The greatest damages to a company can come from internal security breaches. Understanding the detriment that can come from internal cyberattacks is paramount.
In September, Home Depot went down in cybersecurity history as falling victim to the biggest data breach in retailing history, which compromised 56 million of its customers' credit cards and personal information. And while Home Depot's breach was attributed to lax computer and network security measures that hadn't been addressed for years, there is another disconcerting thread in the do-it-yourself retailer's web of cyber risky business. The person with the title of Senior Architect for IT Security at Home Depot since March of 2013, the person in charge of the retailer's entire security architecture, is not on the job anymore. In May of 2014, Ricky Joe Mitchell, who had been hired by HD in July 2012, was convicted of sabotaging the network of his former employer, oil and gas company EnerVest Operating. He is serving four years in federal prison.
The former network engineer for the Charleston, West Virginia company admitted to investigators that in June 2012, shortly after learning he was going to be fired, he remotely accessed EnerVest's computer systems and reset the company's network servers to factory settings, essentially eliminating access to all of the company’s data and applications for its eastern United States operations, according to the United States Attorney's Office in the southern district of West Virginia. Also, before EnerVest terminated his access to their offices, Mitchell entered the offices after business hours, disconnected critical computer-network equipment, and disabled the equipment’s cooling system. As a result of Mitchell’s destructive acts, EnerVest was unable to fully communicate or conduct business operations for approximately 30 days. The company spent hundreds of thousands of dollars attempting to recover historical data from its network servers, and some of its data was lost forever.
"Imagine having your company’s computer network knocked out for a month,” said U.S. Attorney Booth Goodwin, who handled Mitchell's prosecution. “In this day and age, that kind of attack is devastating." Reports also found that in 1996, Mitchell was accused of planting 108 computer viruses in his high school's computer system.
While Home Depot's human resources department has been scrutinized for missing Mitchell's checkered past, it has opened up a discussion as to how best defend an organization on the inside without compromising the necessary security measures to guard against outside threats.
The best approach takes more of a wide look at an organization and its people. For example, does your organization employ background checks on internal and external resources accessing your network and assets? If not, it’s time to take a step back and re-evaluate your hiring procedures. For those who have access to information, what kind of controls are in place, which is just a tip of the iceberg to assess vulnerabilities?
As one of the only Certified Ethical Hacking (C|EH) groups in the markets where it operates, Twinstate Technologies® actively looks for the weaknesses "inside" to ascertain how certain situations may play out. What might someone with malicious intent inside the organization be able to achieve and what steps need to be taken to protect against them? Pulling a page from Twinstate Technologies' Multi-Threat Protection™ (MTP) playbook would certainly help.
While there is a need for C-level execs to stay keenly focused on the functionality of IT systems and personnel, identifying potential issues at the core with the help of an outside team is one of the best defenses. Even weaknesses that may appear minor could be detrimental. C-level executives may have an understanding of many of the company's processes and, perhaps even a handle on hierarchy of its security architects, but there are vulnerabilities that may not be readily waving those pesky red flags.
Although a more thorough background check by Home Depot on Ricky Joe Mitchell would have raised concerns, it appears other insider risks may have existed and brought to light by outside IT firms.
The takeaway is that it is the responsibility of the CEO and other high-level executives to be fundamentally involved in the reporting process by outside security firms. Whether it’s before a candidate is set to be hired or during an employee’s tenure, those in the lead need to be more invested in their role as watchdogs. It’s not micromanagement; it’s looking out for the security of your business, for the highest security risks could be equal to an organization’s downfall.
While it’s impossible to prevent all insider attacks, there are preventative and protective measures that can give businesses the upper hand. And sometimes it just takes an outsider looking in to help a company protect their most valuable assets.
Read "Managed Service Providers (MSPs) Bring Big Value"
Twinstate Technologies® specializes in cybersecurity, proactive IT, and hosted and on-premise voice solutions, with security being top of mind in every area of service. Its Information Security Services (ISS) detects and defends against cyberattacks via its Preemptive Attack Strategies™ (PAS) platform and Multi-Threat Protection™ (MTP) methodology. As an added layer of ISS, the company offers the guidance of its Information Security Advisory Team (ISAT). A go-to partner for organizations, Twinstate Technologies helps to alleviate internal IT demands while maximizing security posture.
Contact us today about your cybersecurity needs.
Originally published on 12/04/2014
Topic: Firewalls & Network Security
![Red Team Services: Introduction to Vulnerability Assessments [Free ebook]](http://www.twinstate.com/hubfs/pexels-photo-249203.jpeg)
