IT Security News and Opinion
Saturday May 19th 2012
Protect Your Private Data

Shionogi Shutdown and the Power of IT

Recently, I came across an article by Robert McMillan in Computerworld that really got my attention. McMillan’s article covers an event that occurred earlier this year in which Jason Cornish, a former employee of U.S. pharmaceutical company Shionogi, was able to destroy most of the company’s computer infrastructure.

Cornish was laid off in 2010 along with some other employees. Unfortunately, Shionogi did not change the passwords that gave Cornish access to systems and applications on the company’s network. Cornish was still able to use his credentials to log into the company’s network from a public McDonald’s WiFi connection in February and launch a vSphere VMware management console that he’d secretly installed on the company’s network a few weeks earlier.

According to the story, Cornish deleted 88 company servers from the VMware host systems, one by one. The U.S. Department of Justice reported that the attack effectively froze Shionogi’s operations for a number of days, leaving company employees unable to ship product, cut checks, or even communicate through e-mail.

This story is just another unfortunate example of too many people having too much access to sensitive data for too long. Because many companies blindly trust the members of their internal IT departments and fail to control access to sensitive data, what happened at Shionogi is certain to reoccur again and again.

The Shionogi incident is solid proof that IT departments absolutely must change their privileged account passwords regularly – and have the tools in place to revoke privileged access immediately when job roles change. It is evident that the wrong IT employees can be granted full administrator access – and use that access with crippling results.

Our latest survey found that 78% of the IT professionals interviewed admitted they could walk out of the office taking highly sensitive information with them. Cornish clearly fit into that mold, but your own IT staff can be made accountable if you take the right steps to secure privileged logins. The best advice I can give to any organization is to make security a strategic investment and deploy software that automates privileged identity management.

Does your company change its privileged account passwords regularly? Share your thoughts in the comments below. You can also follow me on Twitter: @liebsoft or connect with me via LinkedIn.

  • Facebook
  • Twitter
  • LinkedIn
  • Delicious
  • Google Buzz
  • Technorati Favorites
  • Yahoo Buzz
  • Digg
  • Windows Live Favorites
  • Blogger Post
  • Google Reader
  • MSDN
  • Share/Bookmark
Post Published: 02 September 2011
Author: Philip Lieberman
Found in section: Emerging Threats, Latest IT News, Security Best Practices

Tags: , , , , ,

Previous Topic:
Next Topic:

Leave a Reply

Follow Us

    Follow us on Twitter            Follow us on LinkedIn

  Visit our YouTube Page              Identity Week RSS Feed

Archives

Recent Comments

Tags

Administrator Password Application-to-Application Credentials Application Security ArcSight Casino security Cloud Computing Cloud Security CSO cyber-attacks Cyber Security data breach Data Breaches Datacenter Security Data Security Department of Defense enterprise security Governance Risk and Compliance Identity Management Information Security Insider Threats Internet security IT IT Audit IT Auditing Compliance Reports IT Marketplace IT Outsourcing IT security IT Security Threats Password Security PCI-DSS Compliance Ponemon Institute privacy privileged accounts Privileged Identities privileged identity management RSA Sarbanes Oxley Compliance Securing Legacy Applications Security Management SIEM smart card Sony SOX Compliance Windows 7 Windows XP
Visit the Lieberman Software Website