Casey K. Umetsu worked as an information technology professional for a leading Hawaii-based financial company. Shortly after severing all ties with the company, Umetsu accessed a website the company used to manage its Internet domain. Umetsu then used is former employer’s credentials to access the company’s configuration settings on that website, misdirecting web and email traffic to computers unaffiliated with the company, thereby incapacitating the company’s web presence and email.
In light of Umetsu pleading guilty to disrupting the computer networks and operations of his former employer to get his job back and a higher salary, Chad McDonald, Chief of Staff and CISO of Radiant Logic, explains to Digital Journal what this case means for business practices.
McDonald places part of the blame at the door of the company, noting: “The breach by an IT system administrator on his former employer is another example of enterprises continuing to practice poor Identity Access Management.”
He outlines what should have been done: “As soon as the employee was laid off, his credentials should have been removed from the system and he certainly should not have had access to any area of the network.”
Returning to the case, McDonald looks at the damage that was inflicted upon the company, noting: “The breach resulted in the company’s website and email being disrupted, however, the impact could have been much more significant. Insider threats are a real and significant problem.”
In terms of lessons to learn, McDonald spells these out: “A robust identity management program is foundational to mitigating insider risk and should not be overlooked. Additionally, rather than being an ex-employee wanting his job back, it could have been a cybercriminal, who might have stolen personal information, which could have been leaked onto the dark web and led to further cyberattacks on the company, or other crimes being committed such as fraud.”
Stressing the key aspect, McDonald explains: “Fundamentally, today’s enterprise should have a comprehensive information security program that looks at both internal and external risks.”
In terms of wider lessons for businesses, McDonald sees these as: “This incident should be a wake-up call for all organisations about the importance of Identity Access Management. Organisations must define access levels to identity data based upon risk and justifiable need. A strong identification management system would have recognised that the user was a former employee and had no right to access the network, however, this was clearly not in place.
McDonald further recommends: “Businesses need to look at how they can effectively unify and streamline their identity data to provide complete and accurate user profiles. With visibility across all systems, security teams are then able to update the credentials of users in real-time, giving them absolute control over user access and preventing any disgruntled employees from causing major disruption.”
