Part one of a three-part series on system access assessments

It’s probably the worst nightmare of any employer: When a former employee with a grudge hacks your company.

According to the Federal Bureau of Investigation and the Homeland Security Department, this kind of revenge is on the rise. “Companies victimized by current or former employees incur costs ‘from $5,000 to $3 million,’” said the agencies.[1]

One company that barely dodged this damage is Fannie Mae. In 2008, an engineer at the company was allowed to continue his work after he was told he’d be let go at the end of the day. The disgruntled employee spent his afternoon embedding scripts that would have disabled the system and wiped out all data from 4,000 servers. Fortunately, another employee alerted authorities before the launch code was triggered.

We can learn a lot from the situation at Fannie Mae. Take, for instance, the matter of employee credentials. It turns out that the angry employee had privileged access to the system. His sinister actions didn’t set off any alarms because he was allowed to be there.

But if you think your employees are too happy to cause security problems, think again. Happy employees can make cybersecurity mistakes that leave your company vulnerable to attackers – especially outside attackers. As it turns out, credentials are in high demand on the black market. Health insurance credentials, for example, are valued at $20 to $40 for cyber criminals. Compare this with $1 to $2 that criminals are paid for U.S. credit card numbers.[2]

Whether your employees are happy or disgruntled, let’s take a look at two common ways that their credentials pose cyber risks for your organization.

One risk is when an employee’s account is not disabled properly. Perhaps he left your organization a couple of months ago, but your system administrator forgot to disable his account as part of exit policies. This is the risk that the people at Fannie Mae took by not following best practices and immediately revoking system access of a terminated employee.

Another common risk is when a user receives credentials but never logs on. This can happen if, for example, a new employee is granted access to multiple systems but ends up not using one or more.

In both cases, the danger is that you’ve left a crack in your security. You now have a vacant account that’s left unsupervised, making your system vulnerable to attack. Disgruntled employees or outside attackers could use your credentials to gain access to your network and move around undetected within your organization. They’ll have plenty of time to observe how your system works, wreak havoc on your operations, or steal data.

So what can your organization do to minimize the risks with credentials?

Your first step is a credentials access assessment. The credentials that are posing a risk to your organization are only discovered through an investigation by a credible cybersecurity firm. It’s not uncommon to find up to 40 risky accounts in one company.

Your second step is a remediation plan. A cybersecurity firm will run automated processes on your environment to quickly delete, move, or disable vulnerable accounts. You’ll be guided on the best account management practices, including separating duties so that no one employee can perform all privileged actions for a system or application. They’ll also get help in implementing the “principle of least privilege,” granting only the bare minimum privileges needed to perform a job.

Your third step is continuous monitoring. The assessment and remediation process is fairly complex, and the cyber environment remains dynamic. You must keep regular tabs on your network to continue to protect your organization from attackers.

With hacking on the rise by people who are both inside and outside of your organization, it’s important to keep a close eye on your credentials. Take inventory with a credentials access assessment – and then remain cautious about who holds the keys to your organization.

Umesh Verma, CEO, Blue LanceUmesh Verma is the award-winning CEO and driving force behind Blue Lance, the global provider of cybersecurity governance solutions. For more than 25 years, Blue Lance’s automated software solutions have been protecting digitally managed corporate assets by assessing, remediating, and monitoring security of information systems. Call Blue Lance at 1-800-856-2586 for your 25-point Access Rights Assessment, or get social with us on LinkedInFacebook, or Twitter.




[1] Chris Strohm, “Unhappy Workers Hacking Employers on the Rise, FBI Says,”, accessed February 23, 2017.

[2] Data from cybersecurity firm Dell Secure Works.