Deprovisioning administrative access: How careful are you?

FBI investigation on Shionogi security incident reveals the involvement of a former employee

Lord Tennyson’s immortal words “Men may come and men may go, But I go on for ever” hold good universally. For IT enterprises, where the attrition rate is very high, these words have more relevance. Steady stream of personnel come in and another stream keeps going out.

When people leave the organization, does your enterprise have an effective ‘deprovisioning’ process in place to ensure that the former colleague will not continue to access the corporate network?

This question may sound trivial because as the saying goes ‘out of sight, out of mind’, most of the employees leaving the organization will not care to access the network of their old workplace. But, numerous security incidents across the globe prove that a handful of persons with malicious intent and disgruntled workers indeed try to wreak havoc on the business of their former employers.

The FBI has recently published the outcome of an investigation of a cyber-crime, in which a 37-year old techie gained unauthorized access to the network of his former employer,a New Jersey pharmaceutical company and deleted portions of its computer network and virtually crippled the operations of the organization for days together. It was a kind of revenge he was taking on his former employer!

Jason Cornish, 37, was an information technology employee at Shionogi, Inc., a United States subsidiary of a Japanese pharmaceutical company with operations in New Jersey and Georgia.

During September 2010, shortly after Cornish had resigned from Shionogi, the company announced layoffs that affected Cornish

Leave a Reply

%d bloggers like this: