Cybersecurity Awareness Month is almost over, but this recent article from Forensic Discovery shows how the weakest link for organizations from a cybersecurity standpoint may be their own current or former employees.
Their article Here’s a Cyberattack That Shows the Weakest Link for Many Organizations discusses a cyberattack from a man named Wyatt Travnichek, who remotely shutting down the Post Rock Rural Water District water plant in March 2019 when he was “so intoxicated” he didn’t remember anything.
An operator monitoring the plant remotely on March 27, 2019 saw the water plant had gone down. The operator, whose remote access was cut, then drove to the plant and found controls changed and a filter turned off. Investigators traced the actions to Travnichek through his IP address.
Was Travnichek a super-hacker? Nope. Just a former employee who used a shared GoToMyPC account to allow remote access to the system after hours. The system used a shared password to access software that controls the plant and it evidently wasn’t reset when Travnichek resigned in January 2019, over two months earlier. Why did he shut the plant off? He never gave a reason.
How common is it for former employees to be able to access shared passwords in organizations? You might be surprised! And what should you do about it to protect your organization against threats from current and former employees (and others)? Check out their article here to find that out – and more!
So, what do you think? Could this happen to your organization? Are you sure? 😉 Please share any comments you might have or if you’d like to know more about a particular topic.
Disclosure: Forensic Discovery is an Educational Partner and sponsor of eDiscovery Today
Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by my employer, my partners or my clients. eDiscovery Today is made available solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Today should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.