{"id":15035,"date":"2014-12-03T18:50:10","date_gmt":"2014-12-03T18:50:10","guid":{"rendered":"http:\/\/kasperskydaily.com\/b2b\/?p=2936"},"modified":"2019-11-15T07:09:50","modified_gmt":"2019-11-15T12:09:50","slug":"why-angry-employees-are-everyones-problem","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/why-angry-employees-are-everyones-problem\/15035\/","title":{"rendered":"Why Angry Employees are Everyone&#8217;s Problem"},"content":{"rendered":"<p>What is the worst thing a person can do to hurt their previous employer? This may never be more than a passing thought for most people, but whenever there\u2019s a layoff, at least a few of the freshly terminated employees are seriously pondering it. And it wouldn\u2019t take too long \u2013 a quick Google search would do it \u2013 to figure out that a cybersecurity incident would be just the thing: It can cause expensive havoc or put the organization out of business.<\/p>\n<p>It\u2019s a scary thought. In the past, a business only had to worry about a disgruntled few who <em>might<\/em> have sophisticated hacking skills. However, these days anyone can place an order for a Denial of Service attack by paying <a href=\"http:\/\/securityintelligence.com\/underground-cybercrime-exploits-for-sale\/#.VHDVOmd0yM8\" target=\"_blank\" rel=\"noopener nofollow\">as little as $10 an hour<\/a>.<\/p>\n<p>Lest you think this is a headache limited to IT and management, it\u2019s worth taking a look at some of the scenarios below. 
Typically, the assets most attractive to cybercriminals are Personally Identifiable Information (which belongs to employees or customers) and Intellectual Property (company secrets). Since the loss of these can hurt other employees, customers, and stockholders, an upset ex-employee becomes everyone\u2019s problem. Here are three of the easiest scenarios angry former employees can enact:<\/p>\n<p><strong>Scenario #1: Pay someone else to disrupt the business <\/strong><\/p>\n<p>As referenced above, the employee goes online to an <a href=\"http:\/\/www.wired.com\/2014\/11\/the-evolution-of-evolution-after-silk-road\/\" target=\"_blank\" rel=\"noopener nofollow\">underground forum<\/a> and essentially hires cybercriminals to launch an attack upon the former company\u2019s webservers. These attacks can be paid for anonymously via Bitcoin.<\/p>\n<p><strong>Scenario #2: Sell passwords to the highest bidder <\/strong><\/p>\n<p>If the employee is in possession of passwords that are still in effect (or knows how to get them), they can offer these up for auction to cybercriminals on the darknet (instructions on how to get there can be found on YouTube). Or the passwords can be offered for free \u2013 in cases where a corporate employer has <a href=\"http:\/\/en.wikipedia.org\/wiki\/Hacktivism\" target=\"_blank\" rel=\"noopener nofollow\">hacktivist<\/a> enemies.<\/p>\n<p><strong>Scenario #3: Sell detailed insider information <\/strong><\/p>\n<p>An employee armed with information about specific cybersecurity tools the company is using can offer cybercriminals something even more valuable: reconnaissance. Knowing an organization\u2019s software, hardware, and basic policies can make data breaches a relative breeze: hackers can then aggressively put pressure upon an identical configuration until it breaks, revealing the attack tools which are required to get in. 
Whether they do this themselves or purchase the necessary vulnerability information, an attack that starts this way could easily bankrupt a company.<\/p>\n<p>One convenience to aggressors: It is easier than ever to evade law enforcement by using the right tools \u2013 those that obfuscate our treks around the Internet. <a href=\"http:\/\/www.digitalcitizensalliance.org\/cac\/alliance\/resources.aspx\" target=\"_blank\" rel=\"noopener nofollow\">Bitcoin<\/a> has made it possible to both provide and receive payment anonymously. TOR, aka The Onion Router (it essentially hides the identity of the sender), allows people to take steps that cannot be seen or easily reconstructed. (As a warning to those thinking about engaging in nefarious acts, law enforcement is finding ways around net anonymity. Consider the couple in Northern California <a href=\"http:\/\/www.sfgate.com\/crime\/article\/NorCal-couple-ensnared-in-dark-Web-drug-site-5907946.php\" target=\"_blank\" rel=\"noopener nofollow\">who were recently busted<\/a> for operating a narcotics business they set up on Silk Road 2.0.)<\/p>\n<p style=\"text-align: center\"><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2014\/12\/06020214\/wide-5-1.png\"><img decoding=\"async\" class=\"aligncenter size-full wp-image-2938\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2014\/12\/06020214\/wide-5-1.png\" alt=\"wide (5)\" width=\"1000\" height=\"667\"><\/a><\/p>\n<p>Regardless of the ease with which attacks can now be organized, there are some proactive steps a company can take towards protection. 
Here are three of them:<\/p>\n<p>Rule #1: <strong>To the extent companies can be discreet about the security tools they are using, even from their own employees, they will be better off.<\/strong> Sometimes executive management agrees to publish success stories about network security tools they are using, not realizing these can be pieced together to create a useful attack diagram of their network.<\/p>\n<p>Rule #2: <strong>Suspect everyone<\/strong>. <strong>Any time an employee is fired or laid off, all passwords to all systems they had access to should be changed<\/strong>. We can\u2019t know how angry an ex-employee is or might become. Changing passwords should be mandatory and completed as a matter of course immediately preceding every exit interview. (<a href=\"https:\/\/www.securityexecutivecouncil.com\/spotlight\/?sid=26608\" target=\"_blank\" rel=\"noopener nofollow\">Go here for a list of eleven questions<\/a> developed by the Security Executive Council which should be answered by CFO\/CIOs\/CSOs to help address all types of insider threats.)<\/p>\n<p>Rule #3: <strong>Consider offering severance packages, and ensure the employee understands the stakes.<\/strong> The ROI for a severance package is very often the mollification of an employee who might otherwise inflict harm. Final documents should include notification that the company will aggressively pursue any ex-employee who attempts to harm the company.<\/p>\n<p>Finally, anyone working for an organization they truly value should consider reporting any co-worker who threatens to harm the company. Good security definitely \u201ctakes a village\u201d.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Disgruntled ex-employees don&#8217;t need to have special hacking skills to inflict severe damage on the company infrastructure. Cynthia James reviews a number of scenarios, and ways to prevent attacks of this kind.<\/p>\n","protected":false},"author":392,"featured_media":15840,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1999,3052],"tags":[2240,2071,282,1091],"class_list":{"0":"post-15035","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-smb","9":"tag-cyberattack-prevention","10":"tag-cyberattacks","11":"tag-cybersecurity","12":"tag-it"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/why-angry-employees-are-everyones-problem\/15035\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/why-angry-employees-are-everyones-problem\/15035\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/why-angry-employees-are-everyones-problem\/15035\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/cyberattack-prevention\/","name":"cyberattack 
prevention"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/15035","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/392"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=15035"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/15035\/revisions"}],"predecessor-version":[{"id":30636,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/15035\/revisions\/30636"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/15840"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=15035"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=15035"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=15035"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}