The Walt Disney Company, which has a long history of troubled labor relations, recently found itself the victim of a disgruntled former employee. According to an affidavit in support of a criminal complaint against the former employee, Michael Scheuer, Disney discovered a security breach that was allegedly used to make its menus unusable and to redirect QR codes so that they sent Disney customers to a website calling for a boycott of Israel.
More seriously, the affidavit alleged that the threat actor manipulated allergen information on Disney menus, indicating that certain menu items were safe for people with peanut allergies when, in fact, they could have been deadly for some diners. Scheuer is also alleged to have conducted denial-of-service attacks on four former colleagues and to have paid visits outside the home of one of them.
The case highlights the growing problem of disgruntled, or simply greedy and unscrupulous, former staff turning themselves into threat actors in order to harass their former employer or extort cash in the form of untraceable cryptocurrency. According to a recent report from cybersecurity company Proofpoint, "2024 Voice of the CISO, Global Insights into CISO Challenges, Expectations and Priorities", insider threats are among the top five concerns facing corporate information security officers (CISOs). Almost three-quarters, 73 percent, of CISOs said that employees leaving their organization played a role in a data loss event.
Ex-employees represent a growing security risk
The security risk presented by ex-employees has been rising in line with layoffs and increasing global economic uncertainty. Over 70 percent of cybersecurity professionals polled in an ISC2 Cybersecurity Workforce Study published 12 months ago agreed that times of economic uncertainty increase the risk of malicious insiders. Half of all cybersecurity professionals taking part in the study had personal or second-hand contact with a malicious insider within the previous year.
Companies should do their utmost to ensure that staff are fairly treated and leave on relatively amicable terms if their employment is terminated. But they should also take firm steps to ensure that former staff do not leave with access codes or passwords that are still in use. At the very least, stringent access control policies must become standard. The swift revocation of system privileges for terminated employees is also essential to protect crucial data from theft and to guard against deliberate acts of corporate sabotage.