Everyone enjoys a good employee horror story or two. In the last 20 years of working in Information Technology and Cyber Security, I have watched first-hand as many untrained employees did things that jeopardized their company's cyber security.
When it comes to the security and protection of your network, there is only so much that technical controls alone can do. Employees play a key role in protecting the corporate network, and if they are not properly trained they can be the cause of many of your breaches and data losses. Educating them on the proper procedures and standards is paramount to keeping your network and its information safe and secure.
Our story today shows what happens when an employee is not aware that his actions may cause a severe data breach at a local insurance company.
We see it every day on the news: Lowe's, Target, Home Depot and Sony, to name a few. Companies are getting hacked daily, resulting in lost income, privacy breaches, stolen credit card information and tainted reputations. The demand on the internet black market for private information is huge, and so are the financial gains for anyone able to provide it.
A long-term employee of a local insurance agency (we will call him John) was outside one day, sitting down and eating his lunch. It was a typical day for John; as he was just finishing up, he happened to see a USB flash key lying on the ground next to the trash can. Picking up the key, he thought nothing about what could be on it or how it came to be there.
Later in the day, John remembered that he had found the key and was curious to see what was on it. Inserting it into his work computer, John was surprised, and maybe a little too happy, to find that the drive appeared to be empty. Taking the drive out of his machine, he threw it into a desk drawer to be forgotten.
This sounds like a rather boring example of a guy finding a USB drive and discovering it was "empty," and it is just that kind of tale, until roughly ten days later, when something quite serious started happening in our security operations center.
One of our senior analysts started to get alerts that the insurance client's network was being accessed repeatedly from an out-of-country computer system. The attack took the form of a large number of failed network login attempts. This type of alert is indicative of a system breach and demanded our immediate attention. Our senior analyst sent an alert to the customer, and we dispatched a senior engineer to the site. After comparing system monitoring reports with some "old fashioned detective work" by our senior engineer, we were able to determine the source of the intrusion: it came from malware placed on a USB key, discovered "accidentally" by an employee.
Attackers had planted the USB key where it was found, hoping someone would come along, pick it up and plug in the malware it carried. Thankfully the insurance company had our monitoring and intrusion detection software in place, so we were able to respond quickly to the threat. Several hours later, we had removed the malware and secured the network against the external breach attempt. Our senior engineer then took a few moments to speak to the head of operations at the insurance company and explain what had caused the breach.
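The alert that caught this incident was a burst of failed logins from a source outside the country. The following is an added example of that detection logic, not code from the original post or from the monitoring product it describes. The log format, the IP addresses and the IP-to-country table are constructed for the example; a real deployment would read the actual authentication log and consult a GeoIP database.

```python
"""Flag repeated failed logins from out-of-country sources.

Added example, not the original post's or the vendor's code. The log lines,
the addresses and the GEO table below are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed sample authentication log (syslog-like, not real data).
SAMPLE_LOG = """\
2015-03-02T02:14:01Z auth: FAILED login for 'administrator' from 198.51.100.23
2015-03-02T02:14:03Z auth: FAILED login for 'admin' from 198.51.100.23
2015-03-02T02:14:05Z auth: FAILED login for 'jsmith' from 198.51.100.23
2015-03-02T02:14:07Z auth: FAILED login for 'root' from 198.51.100.23
2015-03-02T02:14:09Z auth: FAILED login for 'backup' from 198.51.100.23
2015-03-02T02:15:30Z auth: FAILED login for 'jsmith' from 10.0.4.17
2015-03-02T02:16:02Z auth: SUCCESS login for 'jsmith' from 10.0.4.17
2015-03-02T03:40:00Z auth: FAILED login for 'admin' from 203.0.113.9
2015-03-02T06:40:00Z auth: FAILED login for 'admin' from 203.0.113.9
"""

# Hypothetical IP-to-country lookup standing in for a GeoIP database.
GEO = {"198.51.100.23": "XX", "203.0.113.9": "YY", "10.0.4.17": "US"}
HOME_COUNTRIES = {"US"}  # countries from which logins are expected

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth: (?P<result>FAILED|SUCCESS) login for "
    r"'(?P<user>[^']+)' from (?P<ip>\S+)$"
)


def parse(log_text):
    """Yield (timestamp, result, user, ip) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            yield ts, m["result"], m["user"], m["ip"]


def foreign_bruteforce_alerts(log_text, threshold=5, window_minutes=10,
                              geo=GEO, home=HOME_COUNTRIES):
    """Return one alert per source IP outside `home` that produced at least
    `threshold` failed logins inside any `window_minutes`-long span.

    Each alert is a dict with keys ip, country, failures, users.
    """
    window = timedelta(minutes=window_minutes)
    failures = defaultdict(list)  # ip -> [(timestamp, user), ...]
    for ts, result, user, ip in parse(log_text):
        if result == "FAILED":
            failures[ip].append((ts, user))

    alerts = []
    for ip, events in failures.items():
        country = geo.get(ip, "UNKNOWN")
        if country in home:
            continue  # in-country failures are left to the normal lockout policy
        events.sort()
        # Sliding window: largest number of failures within any `window` span.
        best, start = 0, 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            alerts.append({
                "ip": ip,
                "country": country,
                "failures": best,
                "users": sorted({u for _, u in events}),
            })
    return alerts


if __name__ == "__main__":
    for alert in foreign_bruteforce_alerts(SAMPLE_LOG):
        print(f"ALERT {alert['ip']} ({alert['country']}): "
              f"{alert['failures']} failures against {alert['users']}")
```

On the constructed log this raises a single alert for 198.51.100.23, which fails five logins against five different accounts in eight seconds; the two failures from 203.0.113.9 are three hours apart and stay below the threshold, and the in-country failure from 10.0.4.17 is ignored. The windowing matters: counting failures over a whole day without it would swamp the analyst with alerts from ordinary mistyped passwords.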
The unsuspecting employee who triggered the breach learned two valuable lessons:
- Never pick up stray USB keys and insert them directly into a system without some sort of protection in place to prevent malware installation. A drive that looks empty is not proof that it is safe; the malicious content may simply not be visible as ordinary files.
- Hackers rely on a combination of human nature and sophisticated malware to breach corporations and access proprietary data.
What is the moral of the story?
IT cyber security is an important part of your company's daily operations; a lax security system can result in a breach that financially impacts your company. Hackers are getting smarter and are using methods that take advantage of human behavior and everyday business routines. The most reliable way to avoid suffering a data breach is a layered approach (monitoring, reporting, and analysis) to dealing with intrusion attempts.