Revenge is one reason employees misuse and abuse systems. The most common motivator behind the inside job is a sense of entitlement, experts say.Revenge is one reason employees misuse and abuse systems, as was the case when Kenneth Patterson, former data communications manager for American Eagle Outfitters, disabled his company’s ability to process credit card purchases for the first five days of the holiday shopping season in 2002. But the most common motivator behind the inside job is a sense of entitlement, experts say.“The threat from inside is not just disgruntled employees wanting to get even,” C&W’s Neal says. “Businesses have always had what you could call shrinkage. Employees rationalize stealing pencils, paper clips and bottles of Coke. But with digital assets stored in computers, this process becomes more impersonal, repeatable – and scalable. Now you can steal a case of pencils instead of a box of pencils, metaphorically speaking.”So strong is this feeling of entitlement that employee theft of data makes up about 75% of the cases investigated by Anton Litchfield, director of forensics consulting services for NTI, an electronic evidence discovery firm. For example, last summer a vice president of sales for a stock analysis firm quit to go to a competitor. But before she left, she copied the customer database to take with her.Suspicions were raised when one of her co-workers told his network manager that he’d seen a Windows dialog box copying large files to a folder on her home computer the week before she left – while nobody was at her desk. She’d accessed her office computer from her home computer using GoToMyPC. PATTERNS OF BEHAVIOURProfile 3:INTERNAL ATTACK •Create network accounts for themselves and their friends.•Access accounts and applications they wouldn’t normally use for their daily jobs. •E-mail former and prospective employers.•Conduct furtive instant-messaging chats.•Visit Web sites that cater to disgruntled employees, such as f’dcompany.com. •Perform large downloads and file copying.•Access the network during off-hours. COUNTER MEASURES •Enforce least privilege, only allowing access to the resources employees need to do their job.•Set logs to see what users access and what commands they’re putting in. •Protect those resources that are most important with strong authentication. •If you see someone accessing something they shouldn’t, have that person’s manager discuss it with the employee to deter future bad behavior.•Upon termination, delete all computer and network access. •When employees leave the company, make a mirror image of their hard drive before reissuing it. That evidence might be needed if your company information turns up at a competitor. That’s when the network manager contacted NTI.“Through forensics analysis of her home computer, her office computer and the network logs, we were able to prove that she’d accessed those files from home and copied them onto her home computer just before she quit,” Litchfield says. “But if that employee hadn’t seen her computer copying those files, nobody would have been the wiser.”In cases of both a disgruntled employee causing damage or one who feels entitled to steal, you won’t see much digital evidence of a crime, Neal says. That’s because they already have the access and the insider knowledge. For example, in the American Outfitters case, for which Patterson was sentenced to 18 months in prison in December 2003, he used his own password to access the system and cause the damage. The female vice president also used her own remote logon program to get to the files she downloaded.Main | Next: Adrian Lamo: Profiling network administrators Related content news analysis IBM cloud service aims to deliver secure, multicloud connectivity IBM Hybrid Cloud Mesh is a multicloud networking service that includes IT discovery, security, monitoring and traffic-engineering capabilities. By Michael Cooney Dec 07, 2023 3 mins Network Security Cloud Computing Networking news Gartner: Just 12% of IT infrastructure pros outpace CIO expectations Budget constraints, security concerns, and lack of talent can hamstring infrastructure and operations (I&O) professionals. By Denise Dubie Dec 07, 2023 4 mins Network Security Data Center Industry feature Data centers unprepared for new European energy efficiency regulations Regulatory pressure is driving IT teams to invest in more efficient servers and storage and improve their data-center reporting capabilities. By Maria Korolov Dec 07, 2023 7 mins Enterprise Storage Green IT Servers news analysis AMD launches Instinct AI accelerator to compete with Nvidia AMD enters the AI acceleration game with broad industry support. First shipping product is the Dell PowerEdge XE9680 with AMD Instinct MI300X. By Andy Patrizio Dec 07, 2023 6 mins CPUs and Processors Generative AI Data Center Podcasts Videos Resources Events NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe