The rogue IT Admin

by | Feb 13, 2020 | Business

74% of data breaches involved privileged credential abuse. 


Who has access to private data at your business? What policies do you have in place to ensure that your internal IT department is accountable?

When it comes to user access, every organization needs to:

  • Limit privileged access.
  • Ensure restricted access to: infrastructure, databases, network devices, cloud environments etc.
  • Implement zero trust “never trust, always verify, enforce least privilege.”
  • Terminate privileged access as needed.
  • Remove stale user accounts in active directory. “Inactive” accounts pose security risks if not properly disabled.
  • Implement cybersecurity training so that employees will not allow themselves to be tricked into giving away permissions.

The Rogue IT Admin that went too far...


Desjardins – “Malicious” employee with unauthorized access illegally used the internal data of its customers which resulted in 2.9 million data breaches impacting 4.2 million people in June 2019. Desjardins is now offering free lifelong credit monitoring to all its member. The credit union has spent $70 million dealing with the incident and the a class action lawsuit is ongoing. Review the full incident here.

Who is responsible at the end of the day?


In speaking about the Desjardins breach, Mark Sangster, VP of eSentire asks:

“What policies were in place to denote those as illegal or unauthorized? What training was in place? What background checks were committed? What other checks and balances from a security perspective were implemented that would prevent this from occurring?”

Canadian Pacific Raliway (CPR) – Following a suspension, a former IT administrator used his work notebook and credentials to log into CPR’s computer network switches and locked out CPR, removed admin-level accounts, deleted certain key files and changed some passwords causing parts of the system to go down. Ex-employee was found guilty and jailed for 366 days. Review the full incident here.

Avenue Living – Ex-employee of small property management firm based in Alberta accessed the personal data of 30 of its tenants to apply for credit cards. Lease applications were not encrypted at the time in which the data was stolen. Four individuals were charged and Avenue Living was instructed by the Office of Information and Privacy Commission of Alberta to post notices of breach in local newspapers. Review the full incident here.

If you are concerned about data security at your organization, contact a ?!