Cyber security is very important, but so is compartmentalization as an article in The Register makes very clear. A Texas based company fired an employee, because they hadn’t properly compartmentalized access to passwords for the company.
This one employee was able to access all the passwords on his own and emailed them to himself, thus allowing him to get revenge on his work and commit criminal hacking, which lead to losing over $100,000 of customer orders, not to mention the third party companies they had to pull in to audit the systems to recover from the damage the disgruntled employee had caused.
The employee was arrested by the FBI for violating the computer fraud and abuse act and exceeding authorization. If the company had properly compartmentalized access to each password, so one employee wouldn’t have had access to all of them, this wouldn’t have happened. Unfortunately, this didn’t take place nor did they reset passwords the employee had access to, which is standard procedure with companies who hire us.
