The “trusted insider” remains the most significant threat to company networks
The United States Attorney’s Office for the Middle District of Pennsylvania announced last week that Dariusz J. Prugar, age 32, of Syracuse, New York, was convicted after a week-long trial before a federal jury in Harrisburg, Pennsylvania, of computer fraud and wire fraud.
Prugar was the network administrator for Pa Online, an internet service provider in Enola, Pennsylvania. Kruger was fired by Pa Online in June of 2010. Just days later he secretly hacked into the business’s computer network, resulting in the deletion of vast amounts of data, a network crash, and a significant disruption in service for over 5000 Pa Online customers. Some of these customers, including 500 businesses, were without internet service for a week. Prugar is believed to have inserted “back doors” in the network which allowed him to access his former employer’s network after his termination.
“Trusted Insiders” remain the one threat that consistently keeps information security professionals up at night. A recent survey of information security managers confirmed that threats from low-level insiders are far more worrisome than the threat of a sophisticated hack by a well-funded, external criminal organization. A full 28% of respondents confirmed this fear.
Purger could face up to 30 years in prison and a fine.
While it is almost impossible to stop a determined internal employee from hacking their employer’s network, particularly if they have network administration privileges, there are a few steps that can remove the low-hanging fruit for a hacker.
- Know your network. Perform frequent audits of the equipment and applications installed and running on your network. This can help identify “rogue” devices or software that may have been installed. Use outside service providers to help conduct these audits to help prevent a dishonest IT employee from covering his tracks.
- Be redundant. Never give one employee the keys to the entire kingdom. Make sure other employees have access to important passwords and systems to prevent one employee from locking you out of your network.
- Have good processes. Companies must have a process in place for revoking the network access of terminated employees in a timely fashion.