Somehow it seems that the concept of treating other peoples’ property with the same care that you treat your own seems alien, even in the family. So I guess it should not come as a great surprise that other peoples’ sons and daughters are exactly the same. And every business is full of other peoples’ sons and daughters. So it only seems logical that somebody has to be mother in any business – double checking that the backdoor is locked.
As we discovered in a recent survey not only are backdoors left open but frequently although people know they are open they can’t be bothered closing them – after all they might need access themselves at some point. More than a third of people interviewed admitted that they still had backdoor access to their old employers’ data and a quarter of those interviewed knew that former colleagues could access – and yet they did nothing about it – My family would be proud of them!
How serious can a backdoor be? The recent example of a large global retailer who was "hacked" for several months, maybe a couple of years, resulting in huge amounts of customer data going out the "backdoor" - they may never know just how much the lost – is clearly just the tip of the iceberg – unless the other 99.99% of those with backdoor access are only keeping their backdoor access out of some sentimental reason. One reason why one could suspect that it might have been a former employee is the quote from the company – "We believe that the intruder had access to the decryption tool for the encryption software utilized.." – Now either they are using the worst encryption tool ever invented in which case they have duty to name the supplier, or more likely somebody "accidentally" managed to access the recovery keys – or maybe it was supposed to be encrypted. Like the recent incident with a UK bank, "The disk would usually be encrypted. Unfortunately, due to human error on this occasion the usual policy was not followed."
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.