A story about a convicted hacker who was given complete access to a prison mainframe and subsequently closed it down is reminiscent of modern business practice.
A report by the Daily Mirror claimed that a jailed hacker shut down a prison's entire computer system after he was given the job of programming it.
It claimed that Douglas Havard, who was serving six years for stealing up to £6.5 million using forged credit cards over the internet, was approached after governors wanted to create an internal TV station but needed a special computer program written.
He was then left unguarded and hacked into the system's hard drive at Ranby Prison in Nottinghamshire. He apparently set up a series of passwords so no one else could get into the system. He was put in segregation as punishment after having left the system crippled.
Phil Neray, VP of security strategy for Guardium, claimed that this is reminiscent of how organisations are not implementing the right monitoring controls to ensure that insiders do not abuse their privileges.
Neray said: “This is clearly a serious judgment error, in that they gave a sophisticated cybercriminal access to important computer systems. However, most organisations give similar administrative access to their IT employees, developers and even to their outsourced personnel.
“The vast majority of IT insiders are not malicious, but you never know when you might encounter a rogue employee who’s having personal financial issues or is simply disgruntled. In other words, you need to ‘trust but verify’ by continuously monitoring the activities of anyone who has the ‘keys to the kingdom’.”