As LulzSec has proved with its recent antics, it sometimes takes an attack to demonstrate how secure your systems are.
Whether it is penetration testing or simple configuration, if someone informs you of a security issue related to your company, it is probably best not to ignore it. On the other hand, it can take a prank to prove a point. A couple of years ago a Macworld keynote was interrupted when Phil Schiller's presentation was hijacked, with messages posted that Steve Jobs had died.
A not too dissimilar report emerged this week stating that a former employee of Baltimore Substance Abuse Systems had hacked into the chief executive's presentation and replaced it with pornography. According to media reports, Walter Powell was fired from his job at the company in 2009 and began hacking into the computer network. The incident with the presentation to the board of directors landed him with a two-year suspended sentence, 100 hours of community service and three years of probation.
Graham Cluley, senior technology consultant at Sophos, said that this sort of case underlines the importance of having processes in place when staff leave, including changing passwords and removing access rights.
Marc Lee, sales director for EMEA at Courion, said: “While we all hope that our trusted employees don't do anything malicious, and most of the time they don't, when they do it can be costly and devastating.
“It is important to make sure that those who have the ‘keys to the kingdom’ are also overseen. Using access assurance solutions, including privileged account management that enables organisations to require administrators to ‘check out’ privileged credentials, can better track which individuals are using and have access to these credentials.”
While Powell's actions may be harmful to the company, I am sure the CEO is glad that this was only a presentation to the board and not to shareholders or customers. Then the results could have been a lot more embarrassing.