A company I worked for saw an employee's performance gradually decrease, affecting the team’s progress. He was then given a chance to improve it within two quarters. After two quarters, he could not meet the goal. He was then terminated by mutual agreement.
After two weeks, the company saw an increasing amount of dummy data in the existing records. As a consequence, it affected partners' data and their reporting mechanism, thereby harming the company’s credibility. Thanks to its backup policy, the company could recover from it easily.
Then, to mitigate such attacks in the future, the company reviewed its offboarding practices and the CIA triad. Some of the items listed under the CIA triad were as follows:
Confidentiality – (1) Updating the username and password before offboarding, (2) Implementing 2FA in every authentication and authorization layer, (3) Updating the access control list before offboarding, (4) Rotating the SSH key (encryption key) before offboarding. The most important thing to notice here is to do it before offboarding.
Integrity – A background monitoring system is implemented, which starts watching data integrity only when suspicious traffic is detected.
Availability – Although the underlying infrastructure was not affected, to ensure the availability of data and system operation, the infrastructure was further isolated and divided into different network segments so that unauthorized access could be prevented.