Sometimes, the biggest threat to a business lies within – that’s the lesson that Citibank learnt when a disgruntled employee managed to shut down 90 per cent of its US network.

Lennon Ray Brown, who worked full-time for Citibank, was recently found guilty of causing intentional damage to a protected computer. According to the court report, he transmitted a code and command to ten core routers at the Citibank Global Control Center. As a result, nine of the routers had their configuration files erased, causing most of Citibank's North American network to go down.

Identifying and preventing insider threats is something that all businesses must think about, as an incident like the one above could happen anywhere.

There are many different reasons why current employees choose to attack a business from the inside. In this case, it seems Brown was an emotional attacker, as a text message he sent to a co-worker just after he shut down the network indicates:

“They was firing me. I just beat them to it. Nothing personal, the upper management need to see what they guys on the floor is capable of doing when they keep getting mistreated. I took one for the team. Sorry if I made my peers look bad, but sometimes it takes something like what I did to wake the upper management up. [sic]”

Signs of a potential attacker

Other employees might just be opportunists who believe they can get away with it, or they could be employed to gain access to a company from the inside. In most cases, attackers want to achieve one of two things: to harm the company in some way, or to steal or commit fraud for personal gain.

Luckily, there are a number of things organisations can look out for in order to prevent attacks from rogue employees:

  • Displaying signs of dissatisfaction, usually vocally
  • Error log evidence – some attackers may forget to cover their tracks by erasing log files
  • Poor social skills, addiction to drugs or alcohol, past history of rule violation
  • Evidence of collecting information – e.g. testing countermeasures
  • Unusual computer usage patterns