Welcome to ThatThirdPartyGuy.com – my website highlighting my journey in third party cyber-security.

Insider Threat – Alive and Well


30 September 2022

Earlier in the year, I posted a blog regarding insider threat (https://thatthirdpartyguy.com/is-insider-threat-we-need-to-worry-about-any-longer/). My intent was to highlight not letting your guard down. In a recent case, the United States FBI investigated an incident at a company in Hawaii:

“…settings on that website, Umetsu made numerous changes, including purposefully misdirecting web and email traffic to computers unaffiliated with the company, thereby incapacitating the company’s web presence and email.” Source: https://www.justice.gov/usao-hi/pr/honolulu-man-pleads-guilty-sabotaging-former-employer-s-computer-network

In short, the trusted administrator was let go at the end of his contract, but his credentials were not revoked at the same time. Casey Umetsu, the accused, admitted that he accessed the network and disrupted it to try to get re-hired by the company to fix the issues.

We’ve seen other issues with un-revoked credentials in recent history as well – https://www.armstrongteasdale.com/thought-leadership/colonial-pipeline-how-hackers-exploited-a-password-policy-problem/

The big takeaways from this? 

  • Insider threat is always present. Don’t get complacent.
  • Enforce a policy to remove employee credentials within hours of their leaving the organization (not business days, because holidays and weekends get in the way of execution). For privileged employees, apply a more stringent policy with immediate revocation of access rights and credentials.
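
One way to verify that the revocation policy above is actually being met, as an added example that is not part of the original post: the script compares HR separation times against a directory export and flags accounts still enabled, revoked late, or used after separation. The record layout, user names, timestamps and the 4-hour window are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Assumed windows: the post says "within hours" and "immediate"; exact values are illustrative.
STANDARD_WINDOW = timedelta(hours=4)
PRIVILEGED_WINDOW = timedelta(0)

# Constructed sample data (hypothetical users): HR separations and a directory export.
SEPARATIONS = [
    {"user": "akim", "separated_at": "2022-09-02T17:00:00+00:00"},  # Friday, holiday weekend
    {"user": "bcho", "separated_at": "2022-09-02T17:00:00+00:00"},
    {"user": "dlee", "separated_at": "2022-09-05T12:00:00+00:00"},
]
ACCOUNTS = {
    "akim": {"privileged": True, "enabled": True, "disabled_at": None,
             "last_login": "2022-09-05T03:12:00+00:00"},
    "bcho": {"privileged": False, "enabled": False, "disabled_at": "2022-09-06T08:30:00+00:00",
             "last_login": "2022-09-01T09:00:00+00:00"},
    "dlee": {"privileged": False, "enabled": False, "disabled_at": "2022-09-05T13:00:00+00:00",
             "last_login": "2022-09-05T08:00:00+00:00"},
}
NOW = datetime.fromisoformat("2022-09-06T09:00:00+00:00")  # constructed audit time

def _ts(value):
    return datetime.fromisoformat(value) if value else None

def _hours(delta):
    return round(delta.total_seconds() / 3600, 1)

def audit_offboarding(separations, accounts, now):
    """Return (user, finding, hours) tuples; hours are wall-clock, so weekends count."""
    findings = []
    for rec in separations:
        user, acct = rec["user"], accounts.get(rec["user"])
        if acct is None:
            continue  # no account for this person in this directory
        left = _ts(rec["separated_at"])
        deadline = left + (PRIVILEGED_WINDOW if acct["privileged"] else STANDARD_WINDOW)
        disabled, last_login = _ts(acct["disabled_at"]), _ts(acct["last_login"])
        if acct["enabled"] and now > deadline:
            findings.append((user, "STILL_ENABLED", _hours(now - deadline)))
        elif disabled and disabled > deadline:
            findings.append((user, "REVOKED_LATE", _hours(disabled - deadline)))
        if last_login and last_login > left:
            findings.append((user, "LOGIN_AFTER_SEPARATION", _hours(last_login - left)))
    return findings

if __name__ == "__main__":
    for finding in audit_offboarding(SEPARATIONS, ACCOUNTS, NOW):
        print(finding)
```

A login recorded after the separation time is the finding to escalate first, since it means the unrevoked credential was actually used.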