Insider threats are one of the most significant security concerns in all businesses. Many companies do not recognize the dangers that may exist within their own staff. This can quickly become apparent when an employee with a grudge is terminated.
In the case below, the employee was with the company for just 6 months, but was able to cause over $100,000 in damage within two days of her termination.
From court records:
Monday, August 16, 2021
A jury returned a guilty verdict today against MEDGHYNE CALONGE, on one count of intentionally causing damage to a protected computer, and one count of accessing a protected computer and recklessly causing damage. Both counts relate to CALONGE’s deletion of tens of thousands of human resources records of her former employer (“Employer-1”).
…While she was being terminated, and just before she was escorted from the building, CALONGE was observed by two employees of Employee-1 repeatedly hitting the delete key on her desktop computer. Several hours later, CALONGE logged into a system (“System-1”) used by Employer‑1 to receive and manage applications for employment with the company, which the company had invested two years and over $100,000 to build. During the next two days, CALONGE rampaged through System-1, deleting over 17,000 job applications and resumes, and leaving messages with profanities inside the system. Ultimately, CALONGE completely destroyed all of Employer-1’s data in System-1. Employer-1 subsequently spent over $100,000 to investigate and respond to the incident and to rebuild System-1. To this day, Employer-1 has been unable to recover all of its data.
…CALONGE, 41, of Tampa, Florida, was convicted of one count of intentionally damaging computers, which carries a maximum prison term of 10 years, and one count of recklessly damaging computers, which carries a maximum prison term of five years.
See full press release [here].
An insider can be anyone with the right motive and means. They can have many tactics at their disposal that will put your assets at risk. These may include physical damage, theft of data, data destruction, and eavesdropping or leaked audio from meetings or phone calls. An organization must make concerted effort to be able to detect and mitigate the risks posed by insiders.
Rules and regulations may help keep honest people honest, but malicious insiders don’t care about regulations. They find security gaps and vulnerabilities to accomplish their objectives.
And when the insider is on the way out, they may feel they have nothing to lose!