It’s easy to think of hackers and data thieves as shadowy figures lurking outside of your organization, waiting for the perfect opportunity to get past your IT security measures by force or trickery. However, the people who are in the best position to get past your firewalls and security measures to damage your network or steal your sensitive data aren’t outsiders. They’re people inside of your own organization, often people in positions of trust. No one likes to think that they’ve misjudged trusted employees, but there are several high-profile cases that should remind employers about the possibility of threats from within.
Hackers don’t necessarily look like movie villains.
ClickMotive is an auto industry web software provider. In 2011, an employee named Michael Thomas, then working as the company’s IT operations manager, became disgruntled with his employer. His method of getting revenge on ClickMotive involved deleting hundreds of files, interfering with system notifications so that other employees wouldn’t be notified of problems, and changing authentication settings to prevent some employees from working remotely. Thomas also interfered with company email distribution, causing employee requests for assistance to go unanswered. Repairing the damage cost the company more than $130,000.
Thomas was convicted for his tampering under the Computer Fraud and Abuse Act, but appealed the decision, arguing that in his position as an IT operations manager, part of his job included damaging the computer system occasionally as a means of troubleshooting. However, the U.S. Court of Appeals for the Fifth Circuit upheld his conviction.
Often the people with access to sensitive information and motive to cause damage are trusted employees.
Another case involves the electric carmaker Tesla. Recently, CEO Elon Musk notified employees that an employee broke into the company’s computer system and made code changes to the operating system in an attempt to sabotage operations and disrupt manufacturing. What’s more, the employee also sent large amounts of company data to a third party. It may take some time to determine the full extent of the damages caused by the disgruntled employee’s actions.
It isn’t just private companies that are at risk. Even government organizations aren’t immune to this kind of sabotage. Software engineer Joshua Adam Schulte, who formerly worked for the CIA, is alleged to have stolen classified information from the agency and disclosed that information to Wikileaks.
Schulte also is alleged to have tampered with the computer system, giving himself unauthorized access to more material, deleting information in an attempt to cover his tracks, and locking out other users. He’s been charged with 13 counts, including illegal gathering of national defense information, illegal transmission of lawfully possessed national defense information, and obstruction of justice.
While most employees are well-meaning and loyal, employers should not close their eyes to the possibility that employees in trusted positions may be the ones that can do the most harm to their organizations. Employee monitoring software is an important tool that can help employers protect their computer systems and their most valuable data. To find out more about how employee monitoring software can protect your organization, Start your free 7-day trial.