Preventing the Exfiltration of PII from a Malicious Administrator
A major pharmaceutical company (Client) made the decision to terminate an administrator and was concerned about the malicious exfiltration of personally identifiable information (PII) before his termination.
The administrator was being terminated for poor performance and had abused his access to view the HR director’s files and emails, through which he learned of his pending termination. After he directly confronted the HR director about his termination, the Client engaged Nisos to discreetly monitor the administrator’s activity to ensure that he did not perform malicious acts against the Client’s interests prior to termination. Of particular concern was the potential that the administrator would destroy or exfiltrate intellectual property or cause harm to the company’s network. The Client turned to Nisos to bring a high level of sophistication and discretion in conducting such operations without alerting the threat actor.
In coordination with and under applicable legal privileges extending to Client’s outside legal counsel, Nisos gained access to the company’s network. We were able to access the administrator’s machine, escalate privileges, and install monitoring software – unbeknownst to the administrator – allowing us to review keystroke logs, take screenshots, and intervene in the event the administrator engaged in malicious activity.
During the continuous monitoring process, we observed the administrator copying personal files from his work-issued laptop to a personally owned external hard drive. It was during this period that we identified that the administrator had previously copied a file containing company executive PII. Outside of that previously copied file, we did not see evidence of further violations of company policy, tampering, or destruction of the company’s network.
Upon completing the termination and obtaining the employee’s laptop, the Client leveraged the administrator’s copying of information to the personally owned external hard drive during the exit interview. While the Client could not seize the personal hard drive, the Client reminded the terminated employee of his responsibility to delete any and all company data from the external hard drive. To protect its interests, it required the terminated employee to attest that the data was deleted and that any information on the personal external hard drive would not be released. It asserted that any deviation would result in successful legal action, given the breadth of evidence the investigation had uncovered and the thoroughness of the approach that was employed to terminate his employment. The employee was successfully terminated without further issue, preventing the potential loss of significant company data and potential legal fallout in the process.
Nisos is the Managed Intelligence company. Our services enable security, intelligence, and trust and safety teams to leverage a world-class intelligence capability tailored to their needs. We fuse robust data collection with a deep understanding of the adversarial mindset delivering smarter defense and more effective response against advanced cyber attacks, disinformation, and abuse of digital platforms.