Rogue Techie Offers Cautionary Tale for SMBs

A report published in Computerworld tells of how a disgruntled ex-employee decided to take revenge against his former employer by illegally accessing the network from a remote location. The man succeeded in severely disrupting the company's operations, causing a staggering US$800,000 in damages.

According to the article, titled "Fired techie created virtual chaos at pharma company":

Jason Cornish, 37, formerly an IT staffer at the U.S. subsidiary of Japanese drug-maker Shionogi, pleaded guilty Tuesday to computer intrusion charges in connection with the attack on Feb. 3, 2011. He wiped out 15 VMware host systems that were running e-mail, order tracking, financial and other services for the Florham Park, New Jersey, company.

It was understood that Cornish logged into Shionogi's network from a public Internet connection at a McDonald's restaurant in Georgia, which suggests a premeditated effort to mask his tracks. Once inside, Cornish methodically worked through the 15 VMware host systems, deleting a total of 88 virtualized company servers. The attack froze operations for a number of days, leaving company employees unable to perform business activities or even communicate via email.


Virtualized Servers Need Security, Too


One lesson that we can glean from this unfortunate incident is that virtualized servers require some form of security protection of their own. The ease with which virtual servers can be deployed also means that they are particularly vulnerable to hackers or insiders bent on demolishing a company's infrastructure. Instead of having to break into two or three dozen separate computers, an attacker can target the centralized management console from which virtualized environments are usually administered, which makes that console a single point of vulnerability.


Eric Chiu, founder and president of HyTrust, a virtualization security and compliance solutions vendor, placed the blame on the lack of proper security controls. Chiu wrote in an email: "The breach at Shionogi is a great example of how vulnerable virtualization infrastructure and the cloud can be. Critical systems like e-mail, order tracking, financial and other services were impacted, having been virtualized without the proper controls in place." Chiu reckons that the multiple days of downtime could have been prevented with the right automated controls in place.


Survive Sabotage with Proper Disaster Recovery


While it may be easy to place the blame on causes such as "poor revocation of passwords," the truth is that disgruntled administrators motivated to cause damage have practically unrestricted opportunity to modify existing systems or surreptitiously install remote control software to aid their return. SMBs are particularly vulnerable because their smaller IT departments mean less overlap, and less oversight, across the various areas of responsibility.


Treating IT staffers well and adequately rewarding competence are good long-term strategies; another mitigation against rogue staffers is to ensure that robust and tested disaster recovery procedures are in place. These should include offline data backups stored at a remote location, forming an additional line of defense against digital oblivion. I have written a number of blogs on the topic of disaster recovery, such as "Keys to a Successful SMB Disaster Recovery Implementation" and others, which are linked from this "SMB Guide to Business Continuity and Disaster Recovery."