Fired Employee annihilates 23 of ex-employer’s AWS servers: Lessons to be Learned

An ex-IT employee has been sentenced to two years in prison after causing severe disruption at a digital marketing and software company. The ex-employee, who used stolen login credentials to get into the computer account of a former colleague, deleted 23 servers in a vengeful attack carried out after they were let go for poor performance.

Following the attack, the company lost big contracts with transport companies, and police have estimated that the damage caused a loss of £500,000. Furthermore, the company reports that it was never able to retrieve the deleted data.

How could this have been avoided? Here are 4 essential lessons your organisation can learn to avoid future insider threats.

1. Restricting Access to Sensitive Information

Within an organisation, the potential threat of disruption increases when there are multiple administrative, shared or privileged accounts which give employees wide-ranging access to most systems, applications or databases. To ensure that systems, applications and databases remain secure, organisations should improve internal security controls around privileged accounts via encryption, password protection and auditing of system access.

2. Password Refresh and Multi-Factor Authentication

When an employee leaves your organisation, it is best to update any shared passwords that the ex-employee may have had access to. Your organisation should also revoke access to their old company account, including access to emails, cloud files and online databases.

As an extra security measure, enable multi-factor authentication to ensure that only the designated user can log in to the account.
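The two checks in this lesson can be run against an AWS IAM credential report after each departure. The script below is an added example, not part of the original article: the sample report is constructed and uses only a subset of the report's columns, and the leaver record, account names and dates are hypothetical.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample: a subset of the columns in an AWS IAM credential report.
SAMPLE_REPORT = """\
user,password_enabled,password_last_changed,mfa_active,access_key_1_active,access_key_1_last_rotated
alice,true,2019-02-01T09:00:00+00:00,true,false,N/A
bob,true,2018-11-01T09:00:00+00:00,false,true,2018-10-01T09:00:00+00:00
shared-admin,true,2018-06-15T09:00:00+00:00,false,true,2018-06-15T09:00:00+00:00
deploy-bot,false,N/A,false,true,2019-03-05T09:00:00+00:00
"""

# Hypothetical HR record: who left, when, and which shared accounts they knew.
LEAVERS = [{"user": "bob", "left": datetime(2019, 1, 15, tzinfo=timezone.utc),
            "shared": ["shared-admin"]}]

# (enabled column, last-changed column, label) for each credential type checked.
CREDS = [("password_enabled", "password_last_changed", "password"),
         ("access_key_1_active", "access_key_1_last_rotated", "access key")]

def parse_time(value):  # aware datetime, or None for fillers such as "N/A"
    try:
        return datetime.fromisoformat(value)
    except ValueError:
        return None

def audit(report_csv, leavers):
    rows = {r["user"]: r for r in csv.DictReader(io.StringIO(report_csv))}
    findings = []
    for leaver in leavers:
        own = rows.get(leaver["user"], {})
        for enabled, _, label in CREDS:
            if own.get(enabled) == "true":  # leaver's own credential still works
                findings.append((leaver["user"], f"leaver {label} still active"))
        for name in leaver["shared"]:
            acct = rows.get(name, {})
            for enabled, changed, label in CREDS:
                when = parse_time(acct.get(changed, "N/A"))
                if acct.get(enabled) == "true" and (when is None or when < leaver["left"]):
                    findings.append((name, f"{label} unchanged since {leaver['user']} left"))
    for name, row in rows.items():  # every console login should have MFA
        if row["password_enabled"] == "true" and row["mfa_active"] != "true":
            findings.append((name, "console login without MFA"))
    return findings

if __name__ == "__main__":
    for account, issue in audit(SAMPLE_REPORT, LEAVERS):
        print(f"{account}: {issue}")
```

An empty result means every credential the leaver held or shared has been disabled or changed since they left, and no console login lacks MFA.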

3. Back up your data!

Backing up your systems, applications and databases is an essential lesson that you should take away from this story. By failing to adequately back up your systems, your company could suffer financial loss and reputational damage, and lose clients, customers and contracts.

When backing up your data, don’t just make one copy – make multiple copies and ensure that access to these is restricted too. You should also keep a back-up of essential data in a secure location, away from your physical office space, to ensure that a back-up can be restored if other copies are stolen.

4. Shift your Organisational Culture

One lesson that your organisation can take away from this story is to shift organisational expectations and perceptions of insider threats. Insider threats must be taken seriously. Any employee at any level of your organisation can cause disruption, intentionally or accidentally, if they have privileged access.

To ensure that a positive cyber security culture is enabled in your organisation, you can take advantage of Curious Frank’s wide range of services – including Cyber Security Awareness Training.

Our Cyber Security Awareness Training is available to help raise awareness with all staff members, from directors to new employees, to ensure they understand the threats that are faced on a daily basis. Our training involves sessions which include live demonstrations of the techniques used by cyber criminals to install malware and to steal information.

To find out more about our Awareness Training sessions, please click here. Alternatively, you can contact us to discuss your specific needs.

- Curious Frank Team

A division of the Scottish Business Resilience Centre

© Curious Frank 2019