Three scary, but true, security tales

While Halloween only comes around once a year, there are some truly frightful security mishaps occurring on a daily basis. Some of these mishaps have made headline news, while others were too terrifying to share... until now.

Just in time for Halloween, renowned cyber security expert and SANS Faculty Fellow, Dr. Eric Cole, shares three horrific tales of hideous human behavior which he has personally witnessed and lived to tell! Warning: What you are about to read is real.

Ghosts of Employees Past

Consider this frightening tale. A routine security assessment for an organization discovered that more than 145 accounts belonging to employees who no longer worked there were still active. GASP! Even scarier, a check for activity on these accounts revealed that 17 of them were still actively being used. You can imagine the horror, but it gets worse.


When HR was asked whether there was anything special about these accounts, it was revealed that seven of the 17 people who were actively using their old accounts had been fired five months earlier for stealing information about the company and giving it to a competitor. Talk about a nightmare! Fire an employee for stealing, take away their badge but forget to cut off account access, only to learn they continue stealing from the organization even after termination. Now, that is terrifying!

Global Terror

If you don't have goose bumps yet, this global tale will likely raise a hair or two. A large US manufacturing organization with state-of-the-art industrial technology was under constant attack by the Chinese. Every four to six weeks for several years this grotesque scene continued to play out. These compromises wreaked havoc within the manufacturing organization's security environment. Yet despite the disturbing efforts of the Chinese hackers, the company was able to keep its technology a secret. However, for some mysterious reason (OK, because of costs), the executive team decided to move all of its US manufacturing and production to... China. GASP! The security team was left screaming in horror as their worst nightmare came true. Despite being able to successfully fend off the attacks over a three-year period while located in the US, within just two years after moving overseas the Chinese hackers were able to successfully infiltrate. As if this story couldn't get any more horrific, it didn't take long for them to develop a competing product which outsold the US company's product. The US company was forced to close its Chinese operations, as it was unable to compete. While the US manufacturing company is still in business today, its product line went from a billion-dollar product line to a mere million-dollar product line. How's that for a gruesome tale?

A hideous discovery

Still not scared? Here's a wicked story that is sure to give you nightmares. A typical full security assessment of an organization includes the facility as well as the data center; this means checking all policies, personnel, cyber security, and physical security. It was 11 p.m., haunting hours, the ideal time to test out the physical security of a building. During a creep through the dark to make sure the doors were locked, a horrific discovery was made. A door in the back by the loading docks (which just happens to be next to the data center) was unlocked. As if that wasn't frightening enough, right next to the door, along the edge of the wall and out of reach of the motion detector, was all of the company's tape storage! PII and PHI were easily available for any ghoul to take. Because this was a major exposure, someone within the organization had to be alerted immediately; otherwise, walking away knowing there was exposure could result in liability. Just when it seemed this nightmare could not get any worse, the person within the organization closest to the office turned out to be the company's CFO, who arrived in flannel footy pajamas to re-secure and lock the building (how about that for a creepy image?).

So what can we learn from these terrifying tales? First, don't assume that processes, procedures and policies are being followed. Verify and check to make sure they are. Second, common sense doesn't prevail in most environments, so don't assume people will make the right decisions. Ensure that employees have the data to support all decisions, so that they are making them in a proper and correct manner.
