quick case study for the cybersec folks here. got this real story in my dpo class & wanted ur thoughts.
IT guy at a bank, last day of his notice period. a trainee saw him puttin some CD-ROMs in his bag & told security. they checked him at the exit and found a full export of the bank’s top clients on the discs. guy got fired for gross misconduct & a police complaint was filed.
any red flags or stuff that stands out to u technicaly or otherwise ? i have my own ideas on this cas but curious what u guys think first?
thx 😎
You must log in or register to comment.
- Why is the IT guy trusted with access to sensitive data after handing in his notice?
- Why does he have access to data that is probably not related to his job?
- Is access to the database monitored? It should trigger an alert if an employee accesses lots of data.
- Apparently, he successfully bypassed the DLP (Data Loss Protection) systems in place by using optical media.
And lastly, insider threats like this are really not easy to mitigate. You said that in this example it was an IT guy. There are lots of different ways to export data from a system when you have privileged access to servers.
There was a recent case in South Korea where it was bypassed by just writing it down with pen and paper manually.
That was one of the little things I remember from one of the various Warthunder leaks. The guy was sharing military secrets by copying the info by hand but only got caught after he started copying the documents in other ways because he felt like people weren’t giving him enough respect for his handmade copies.
Some operational security questions: What’s this trainee doing? Why was it a trainee noticing things being put in backpacks? Why was the trainee the one notifying security?
Are there protocols in place for media being brought in or out of the facility and its workstations? Why or why not? Was the trainee the only one who reviewed them recently enough to notice a breach and alert?
But most importantly and at any rate you don’t do the grand heist on the last day. Rookie move.
First draft Raiden from Mortal Kombat looking dude.
Came here to say this exact thing hahahahahaha!
Why did the bank have CD Roms/writers? Secure institutions computers from those devices, locked cases and physically secured ports. Network alarms triggered if anything gets inserted.
Edit: also alarms and logs of anyone who accesses large volumes of data, let alone copies.
Trainees shouldn’t be able to access the “top clients” anyway.
