In a recent survey conducted by the U.S. Secret Service together with Carnegie Mellon University’s Software Engineering Institute CERT Program found that eighty-six percent of people who carried out insider sabotage held technical positions and ninety percent had system administrator or privileged system access – which meant they held the passwords to over-ride the system and access the network!
The good news? Only forty one percent of those who sabotaged IT systems were employed at the time. However the bad news was that the majority of the insider attacks took place after termination! In these cases, perpetrators kept their super-user and privileged access rights after being terminated. Once they were out the door, they often used their privileged system access to set up their attack, taking advantage of a lack of security controls and gaps in their organization’s access controls.