The Human Factor in Cybersecurity: Lessons from a Recent Incident in Singapore

Overview of the Incident?

In a notable case in Singapore, Kandula Nagaraju, a former employee of NCS, an information communication and technology services company, was sentenced to two years and eight months in jail for unauthorized access to computer material. Upset about his termination, Nagaraju accessed his former company's quality assurance (QA) computer system and deleted 180 virtual servers, causing approximately S$918,000 (US$678,000) in damages.?

Details of the Case?

• Background: Nagaraju was part of a 20-member team responsible for managing NCS's QA computer system, which tests new software and programs. His employment was terminated in October 2022 due to poor performance.?

• Unauthorized Access: After returning to India, Nagaraju used his laptop to access NCS's system multiple times between January and February 2023 using administrator login credentials. He later returned to Singapore, where he continued accessing the system using a colleague's Wi-Fi network.?

• Malicious Actions: Over several months, Nagaraju wrote and tested scripts designed to delete the virtual servers. In March 2023, he executed a script that systematically deleted all 180 servers, causing significant disruption and financial loss to NCS.?

The Human Factor in Cybersecurity?

This incident underscores the critical importance of considering the human factor in cybersecurity. While technical measures are essential, the actions of individuals within an organization can have profound impacts on security. Here are key lessons and best practices that organizations can derive from this case:?

1. Psychological Well-being of Employees: Understand and address the emotional and psychological state of employees, especially during terminations. Providing support and clear communication can help mitigate negative feelings that might lead to retaliatory actions.?
2. Immediate Revocation of Access: When an employee is terminated, especially under contentious circumstances, it is crucial to immediately revoke all access privileges to company systems. This includes deactivating user accounts, changing passwords, and ensuring that any remote access capabilities are disabled.?
3. Behavioral Monitoring: Implement regular audits and monitoring of user access and activity logs to detect any unusual or suspicious behavior. Continuous monitoring can help identify potential threats early and prevent security breaches.?
4. Role-Based Access Control (RBAC): Employ role-based access control to limit the access employees have to only those systems and data necessary for their job functions. This minimizes the potential damage that can be caused by a disgruntled employee.?
5. Comprehensive Exit Procedures: Develop comprehensive exit procedures that include a debriefing session, return of company property, and revocation of access rights. Ensure that terminated employees understand the legal implications of unauthorized access.?
6. Incident Response Plan: Develop and maintain a comprehensive incident response plan that includes procedures for detecting, responding to, and recovering from cybersecurity incidents. This plan should be regularly updated and tested through simulations.?
7. Employee Training and Awareness: Regularly train employees on cybersecurity best practices and the importance of protecting sensitive information. Awareness programs can help prevent accidental or intentional security breaches.?
8. Strong Authentication Mechanisms: Use strong authentication mechanisms, such as multi-factor authentication (MFA), to provide an additional layer of security. MFA can significantly reduce the risk of unauthorized access even if login credentials are compromised.?
9. System Redundancy and Backups: Ensure critical systems and data are backed up regularly and that backups are stored securely. Implementing redundancy can help mitigate the impact of data loss due to malicious actions or other disasters.?
10. Legal and Disciplinary Measures: Clearly communicate the legal and disciplinary consequences of unauthorized access and data manipulation to all employees. This can act as a deterrent against malicious actions.?

Conclusion?

The case of Kandula Nagaraju highlights the severe consequences of neglecting the human factor in cybersecurity. By integrating psychological and behavioral considerations into security protocols, companies can better safeguard their systems, data, and reputation against similar threats. Cybersecurity is an ongoing process that requires continuous attention, proactive measures, and a culture of security awareness that includes understanding and addressing human motivations and behaviors within the organization.?

Connect with us on Facebook to stay updated on cybersecurity insights and news. Follow our page here.

For business inquiries or to learn more about our solutions, contact us at [email protected].