De-provisioning is Just for Former Employees, Right? Wrong!

Posted: May 19, 2010 in Industry Commentary
Tags: , , , ,

There’s the nightmare scenario where your network is targeted by professional hackers in a distant country unleashing any number of bad things on your systems. But, really, any associate with some hacking skills and an active ID into the network can do serious damage.

Case-in-point highlighted by new details that have emerged in last year’s squelched July 4th cyberattack –  that show the damage of a guy ‘just playing around’ and presumably not disgruntled.

Jesse McGraw, 25, worked as a contract night shift security guard at a Dallas hospital. There, he accessed 14 different computers on several occasion and could even retrieve patient data. But his ambitions were even loftier than patient theft. He wanted to show up a rival hacker group.

McGraw, the leader of an online hacker group, installed a program so he could remotely access the data. He planned to use the machines in a denial-of-service attack. This outrageous story took an even weirder turn when authorities learned McGraw had posted a YouTube video of himself sidestepping the computer’s security and then downloading the malware onto a nurse’s station – with the theme of Mission Impossible playing in the background.

Of course, the damage he did was even more far-reaching. According to a statement from the Justice Department:

He also impaired the integrity of some of the computer systems by removing security features, e.g., uninstalling anti-virus programs, which made the computer systems and related network more vulnerable to attack.

Each count McGraw faces carries a maximum 10-year prison term and up to a $250 000 fine. He will be sentenced by a US District judge Jane Boyle on Sept. 16, 2010, reports Inforsecurity.

This is a glaring example of why strict provisioning is absolutely necessary to an organization – especially those involved in healthcare. In the McGraw case, the bad guy was an active employee. Now replicate this across the 10,000’s of provisioned contractors, full and part-time employees, as well as partners that an average healthcare organization has to manage. Further, if HR handles provisioning requests manually from IT … Are you starting to see the issue? But implementing an effective solution to the problem is certainly a complicated process.

Who owns provisioning in an organization? Should it be a shared responsibility?

How common is it for organizations to provision employees at varying tiers?

What to do about users who need network access from time to time, such as contractors?

Comments
  1. […] De-provisioning is Just for Former Employees, Right? Wrong! […]

  2. […] Haus: When dealing with employee terminations, who should own network provisioning – HR or IT? Ben Ruset: Typically HR should notify IT […]

  3. […] De-provisioning is Just for Former Employees, Right? Wrong! […]

  4. […] Provisioning: Q&A with Ben Ruset, Princeton University […]

  5. […] said it before and we’ll say it again – disgruntled, former employees pose a major risk to your network. If […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s