Big themes in security – Rogue employees

Every organisation is a potential hostage to the actions of the ‘rogue’ employee, however well organised its internal security measures. After all, insiders are responsible for two-thirds of all security incidents.

Rogues can come in many guises. The most innocent, although not necessarily the least dangerous, are those who, either out of ignorance, frustration or simply by accident, bypass existing security practices.

60 second Q&A: Jan Hruska, CEO of Sophos

How have viruses changed?

Viruses are travelling faster than ever before. Most continue to use email to propagate; some use other methods, such as Microsoft security vulnerabilities, Internet chat systems and file sharing networks.

What motivates the current generation of virus writers?

The same thing that motivates most people: money, recognition, power and respect from peers. We regularly see viruses with messages from their authors. These messages are sometimes political: The Zafi worm, first seen at the end of April, attacks what its author perceives as a lack of patriotism in Hungary.

How often are viruses and worms used to gain access to corporate networks?

We are seeing a growing number of viruses that open ‘back doors’ as part of their payloads. Viruses that do this can allow unauthorised users to find, download, execute or delete files. We expect this trend to continue for the foreseeable future.

In this way viruses can evade corporate firewalls via a carelessly opened email, an unprotected home PC or laptops holding confidential information left in taxis.

Then there are the rogues who abuse their IT privileges for criminal gain, or simply out of spite: employees who steal money or information electronically and IT staff who exorcise grievances by sabotaging systems.

Sometimes, they are aided by sloppy corporate security that grants systems administrators too much power or by a failure to delete ex-employees’ accounts the moment they walk through the exit door.

There is also some evidence of another kind of rogue – the ‘sleeper’ who joins an organisation specifically to penetrate its security, either independently or as part of an organised criminal conspiracy.

There are no foolproof technological safeguards against the activities of rogues, but some common sense measures can reduce the risks. For example, many companies scan their own premises for signs of unofficial WiFi networks, installed by staff who want to enjoy the benefits of wireless networking, but who fail to take account of the security risks.

At the same time, improved ID management can ensure that staff have access only to the systems they need to do their job, while highlighting evidence of rogue activity when, for example, someone repeatedly tries to log on to a system they should not be accessing.

Ultimately, much security comes down to setting an appropriate balance between trust and policing. For example, at the outset of an individual’s employment, companies need to conduct thorough background checks on anyone whose job requires high-level access before they are allowed through the door.

Once they do cross the corporate threshold, security policies and the responsibilities they place on individuals need to be spelled out at the induction and routinely refreshed.

This is just good practice, but it is worryingly absent at many organisations.

Ben Rossi
