Insider at Cal Water steals $9M and runs


Fondren is alleged to have gotten at least some of the information from a classified government computer using his top secret clearances and access. Last August, Rene Rebollo, a former financial analyst at Countrywide Financial Corp., which he then sold to information brokers.

Most notoriously, last July, Terry Childs, a former network administrator for the City of San Francisco's by resetting administrative passwords to its switches and routers, and then refusing to divulge the new passwords.

Security analysts have been cautioning about the insider risk for a some time, but an increase in incidents highlights the continuing challenges companies face in dealing with the issue. A recent survey by SailPoint Technologies of 125 large companies found that eight out of 10 of the businesses were concerned about insider threats.

At the same time, though, about 57% of the respondents said they did not have thevisibility they needed across their networks to prevent insiders from abusing their access. Less than two in 10 felt they had the controls needed to deal with insider threats.

The latest incident highlights some of those issues. The apparent fact that Abdi was able to access his company's secure facility after he had resigned points to a lack of "leaver" or termination controls, said Brian Cleary, vice president of products at security vendor Aveksa Inc. Such controls require a full understanding of the access rights that a particular user has and on creating a process for removing that access across a multiple applications, he said.