Disgruntled IT Contractor in Jail | Protect Against Insider Threats

Large-scale internal security breaches are becoming increasingly common, costing companies millions of dollars each year. The loss comes from the financial damage of the breach itself and, in some cases more importantly, from damage to the company’s reputation, which translates to big dollars off the company’s bottom line.

A recent judgement serves as a clear reminder not only of the importance of protecting against internal threats but also of the cascading effect the resulting damage can have. On Monday, a former IT contractor faced up to 10 years in prison in the California U.S. District Court after hacking into a company’s server in 2018 and causing havoc. After being removed from the project and subsequently fired, he accessed the company’s network and deleted its employees’ Microsoft Office 365 accounts.

According to the Department of Justice (DoJ), the attack affected the bulk of the company’s employees and completely shut down the company for over two days, with the contractor deleting over 1,200 of its 1,500 O365 user accounts. “Employees’ accounts were deleted – they could not access their email, their contacts lists, their meeting calendars, their documents, corporate directories, video and audio conferences, and virtual Teams environment necessary for them to perform their jobs,” according to the DoJ.

“Outside the company, customers, vendors and consumers were unable to reach company employees (and the employees were unable to reach them). No one could inform these buyers what was going on or when the company would be operational again.” Even after the two-day shutdown, employees experienced continued issues.

Read the full story here.

The article, shown above, also mentions several other recent incidents, like the 2019 Capital One data breach affecting over 106 million people in the U.S. and Canada alone. That brings us to the question: with insider attacks on the rise, how do you protect your company data when an employee leaves the organization?

How To Protect Against Insider Threats
Blind spots in native tools and data security can leave your privileged accounts vulnerable to attack. In fact, event logs are often the first thing a hacker targets, making it even harder to detect malicious changes. Undetected privilege escalation can lead to damaged critical IT infrastructure and stolen information. To make matters worse, even when malicious changes are discovered, it may be too late to fix them before end users are affected, just like in the case above. There is a better way to prevent insider threats: protecting Active Directory and Azure Active Directory from internal attacks, all from a single platform. Cayosoft can help organizations:

Detect Suspicious Changes
Cayosoft Guardian monitors real-time changes to users and their access across Active Directory, Azure Active Directory, Exchange Online, everywhere, in one unified platform. Change alerts ensure a fast response to thwart attacks, protect privileged identities, and secure sensitive information. Once malicious changes are detected, a notification is sent via Teams or email with a link that launches a restore workflow.

Prevent Privilege Escalation
With Cayosoft Guardian, you can quickly identify and roll back privilege escalation before attackers have a chance to act. Instantly roll back a single change or a group of similar changes with one click from a secure, continuous backup, or configure an automatic workflow to roll back such changes instantly.

Implement Least-Privileged Access
Prevent insider threats altogether by implementing a system of least-privileged access. Cayosoft Administrator empowers senior IT admins with granular, unified, role-based delegation and rules that control, secure, and simplify the execution of key tasks in the most efficient way possible. Precisely allocate only the necessary user permissions to minimize the potential for costly mistakes and attacks, reducing the need for global or domain admins with too much access.

In addition, Cayosoft Administrator securely deprovisions Active Directory users and groups, even on a schedule, ensuring employees and contractors who leave the organization will have access revoked in a timely manner, avoiding situations like those described above.

Immediately Recover Unwanted Changes
If a malicious user hard-deletes objects, these objects are not preserved in the Recycle Bin. Cayosoft Guardian helps you go beyond native tools to recreate hard-deleted objects, such as cloud or hybrid users, including the user’s groups, roles, administrative unit memberships, and access to the Exchange Online mailbox.

Looking for more ways to secure and protect your organization? Cayosoft’s Management and Protection Suite is the only complete solution built to manage, monitor, and recover on-prem, hybrid, Azure AD, and Microsoft 365 environments in a single platform.
