Angry Employees Downloading Viruses And Spyware On Purpose?
from the take-that dept
While external hack attacks have surpassed disgruntled employees causing problems, that doesn’t mean those disgruntled employees don’t exist. While the more technically minded disgruntled employees may cause problems by shutting down a computer system or some other nasty little trick, apparently some upset employees are taking to a different form of corporate “civil disobedience.” 23% of companies surveyed claim that they believe upset employees are downloading viruses and other malicious software on purpose just to cause trouble (the article doesn’t make it clear how these companies knew the downloads were on purpose — so you could question the study on that point). This doesn’t go quite as far as the employee who wrote and sent out a virus to colleagues, but it certainly seems like the type of internal “hack” less technically savvy employees might try. Still, the overall impact of a company with any decent security software is likely to be minimal. Update: Ed Bott digs a little deeper and questions the study. His concerns are probably accurate.
Comments on “Angry Employees Downloading Viruses And Spyware On Purpose?”
CYA
Doesn’t the idea that a company’s employees are intentionally downloading viruses sound like a convenient way for the people in charge of IT security to say it’s not their fault? “Well, I hate to say this, but we can hardly protect against viruses if our own people are working against us.” My extensive experience on both sides of the management divide has left me with the idea that managers are routinely encouraged to think of their employees as lazy, resentful, and malicious, so in a lot of cases it wouldn’t be much of a stretch for them to believe this — and for some people, it would be easier to swallow than the idea that they can’t really protect their system from attack.
Re: CYA
When I read the statement, “IT security to say it’s not their fault?”, it sounded like politics being played. One of those, ‘I’ll show them who was right all along’ scenerios. This problem addresses the lack of maturity in the industry. Eventually, this type of problem will all be moot.
How they know it's on purpose
Corporations log all HTTP/FTP requests from internal clients to the Internet. Often the user is required to authenticate to the gateway, so you know it’s really the employee not J. Random Hacker.
If the logs show somebody searching google for VX information, seeking out exploit sites, and then downloading .arj files named for worms, then hunting around for a .arj extractor and downloading that, it’s rather obvious what was going on.
hottie in marketing...
I’ll tell you what, tho…that uber-hottie in marketing can download spyware all she wants if it means I get to sit in her cube flirting while running Spybot and AdAware…. 🙂 🙂
lets have SEX BABY