21-Month Sentence for Cyberattacks Against School, IT Firm
A UK court has sentenced a former IT tech to 21 months in jail for launching cyberattacks against a school and an IT firm. Adam Georgeson had worked for the school, but was fired after they learned of prior fraud convictions. He launched the attack against the school while employed at an IT firm. After he lost his job at that firm, he launched an attack against its network.
Good reminder for security teams and IT teams: background checks should be a regular part of hiring anyone who will be given privileged system access. Not a popular topic, but critical. While you’re working with human resources/employment, make sure that when the decision is made to terminate an employee turning off all internal and remote access is part of the process.
The employee had two prior convictions for fraud which, when discovered, resulted in his termination. It is better to do background checks up front, even though they may slow the onboarding processes, rather than having to deal with a disgruntled employee who may have privileged access. For those already doing background checks, how many of you are revisiting them at some interval? I have seen good people make bad choices; I’ve seen employers help that employee retain their job and recover from those decisions.
A privileged, insider threat is one of the toughest to detect and respond to. I am familiar with only a few organizations that have dedicated insider threat programs and teams. As usual, consider your threat model and maturity level without focusing on only a single type of threat.