Cybersecurity Awareness Month is almost over, but this recent article from Forensic Discovery shows how the weakest link for organizations from a cybersecurity standpoint may be their own current or former employees.
Their article Here’s a Cyberattack That Shows the Weakest Link for Many Organizations discusses a cyberattack from a man named Wyatt Travnichek, who remotely shutting down the Post Rock Rural Water District water plant in March 2019 when he was “so intoxicated” he didn’t remember anything.
An operator monitoring the plant remotely on March 27, 2019 saw the water plant had gone down. The operator, whose remote access was cut, then drove to the plant and found controls changed and a filter turned off. Investigators traced the actions to Travnichek through his IP address.
Was Travnichek a super-hacker? Nope. Just a former employee who used a shared GoToMyPC account to allow remote access to the system after hours. The system used a shared password to access software that controls the plant and it evidently wasn’t reset when Travnichek resigned in January 2019, over two months earlier. Why did he shut the plant off? He never gave a reason.
How common is it for former employees to be able to access shared passwords in organizations? You might be surprised! And what should you do about it to protect your organization against threats from current and former employees (and others)? Check out their article here to find that out – and more!
So, what do you think? Could this happen to your organization? Are you sure? 😉 Please share any comments you might have or if you’d like to know more about a particular topic.
Disclosure: Forensic Discovery is an Educational Partner and sponsor of eDiscovery Today
Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by my employer, my partners or my clients. eDiscovery Today is made available solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Today should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.
This incident highlights a sadly too-common issue: Poor off-boarding procedures, or the failure to follow those procedures if they exist. Time and again, we hear news stories of ex-employees (often those who did not depart willingly) who access restricted information for nefarious reasons, perform harmful/criminal acts such as this one, or other acts. The most common reasons seem to be not turning off access cards, not deleting email or systems logon passwords…simply not “cutting the cord” to all access, physical and electronic, immediately upon termination, whether a mutually-agreed upon departure, resignation, or firing.
So often it isn’t lack of procedures leading to these incidents, but lack of enforcement of procedures already in place.