As layoffs and restructurings radically reshape organizations (some more chaotic and “extremely hardcore” than others) it may sometimes be unclear who has admin access and who does not, and if a terminated employee has truly relinquished their top IT access privileges on their way out the door.
A number of strategies—consolidated access controls, visibility tools, and isolated offboarding practices—help organizations prepare for the risks that arise when people with administrator privileges are de-provisioned.
“That’s when you don’t want to screw up…when you’re letting an admin go, for whatever reason, and those people will literally have the ability to take down your production, your business, whatever it is that you hold dear to your organization,” Brian Haugli, CEO at the cybersecurity services company SideChannel, told IT Brew.
Shutdown mode. A Q3 report from the risk-advisory consulting firm Kroll saw insider threat peak to its highest quarterly level yet, accounting for “nearly 35% of all unauthorized-access threat incidents” seen by the company. One incident cited by Kroll revealed a terminated employee kept gigabytes of company data on multiple cloud networks.
And employees don’t have to take data to ruin a company’s reputation. As imposter accounts proved during Twitter’s tumultuous transition, rogue tweets can damage stock value. A secure offboarding process that blocks an exiting employee from company services, including social media, becomes an important risk-management strategy.
Haugli recommends the “easy” shutdown method: Put the person in a room with HR, away from devices, while others dismantle access, lessening the chance of data leaks caused by insider ire. “With a remote-heavy world now, this is proving a little bit more difficult to navigate, but not undoable,” said Haugli.
Aside from security threats, an IT overhaul may also lead to a lack of knowledge, like the details of a server or network setup.
Moses Frost, senior technical consultant at Neuvik and senior instructor at the SANS Institute, said the post-layoff question is rarely: Are we secure? But, rather: Does anybody know how to run this thing?
Read more here.—BH
Boom! You just wrapped up your first round of SOC 2 or ISO 27001 compliance. But in a rapidly growing company, your old approach to maintaining InfoSec compliance frameworks may fall short. The experts at Vanta and LinkSquares can explain how to continue to grow rapidly without sacrificing security.
Join them live on Thursday, December 15 at 10am PST/1pm EST for a webinar on how to scale compliance at hypergrowth companies. Here’s what it’ll cover:
- key elements of a comprehensive compliance program
- when to expand your security team and tech stack
- how to use compliance as a tool for enhanced growth
Learn what it takes to remain compliant and scale as you grow. Register here.
Mozilla and Microsoft have removed root certificate authority (CA) TrustCor from their respective Firefox and Edge browsers, under a cloud of suspicion over its reported ties to spyware firms and intel agencies. Both browsers will no longer accept new TrustCor certificates, the Washington Post reports.
Root CAs are entities that authenticate keys that browsers and operating systems use to verify connections to legitimate websites. The vetting process for a root CA to be in major web browsers is expensive and lengthy, because root CA status comes with the potential for abuse, like surveillance and traffic hijacking. Firefox’s approval process, for example, takes at least two years, according to the Washington Post.
In November, the Post reported a number of concerning insights into TrustCor, including shared officers with a Panamanian spyware firm called Measurement Systems, which distributed an app software development kit (SDK) that secretly collected data on users. Measurement Systems is itself an affiliate of Packet Forensics, a firm that has pitched police on its ability to conduct man-in-the-middle attacks (that would require subverting a certificate authority). A beta version of a secure messaging program developed by TrustCor, MsgSafe.io, contained that SDK, and security researchers told the Post it wasn’t actually encrypted as advertised.
One TrustCor partner was listed as a contact for yet another firm that managed 175 million IP addresses for the Pentagon; another source told the paper that Packet Forensics technology was used to catch terrorism suspects. Adding to the list of suspicious factors, the Post found that the firm’s mailing address was a UPS Store mail drop in Toronto, while TrustCor’s website listed its leadership as a man who died months ago, and another whose LinkedIn indicated he left the company in 2019.
Read more here.—TM
The field of cybersecurity is an inviting one, says Randy Gross—and not just because it has over 700,000 open cybersecurity jobs in the US and needs you badly.
“The community among cyber operators and professionals is tremendously welcoming. It’s very collaborative. And honestly, I haven’t seen anything quite like it in my career,” Gross, CISO and chief innovation officer at the vendor-neutral certifying body CompTIA, told IT Brew.
In other words, you won’t find Nick Burns (“move!”) and other Help Desk hellraisers on today’s IT teams.
Take the response to the well-documented Log4J vulnerability—a collaborative defense and information-sharing effort from private companies, security pros, and government agencies alike. “People really wanted to work together to solve it; there’s no benefit to one person solving it. Everyone’s got to buy in,” said Gross.
Before buying in, however, a cybersecurity hopeful has to learn the game—and often prove their knowledge to employers through degrees and certifications like CISA, CISSP, or CompTIA’s CySA and Security+ badges.
In a short conversation, Gross offered some advice for infosec newbies and spoke about ways for rookies to pass the industry’s early tests.
This Q&A has been edited for length and clarity.
Do you have an example of the best demonstration of collaboration between professionals?
There’s a notion of information-sharing organizations in cybersecurity. They’re called ISACs (Information Sharing and Analysis Centers), or ISAOs (Information Sharing and Analysis Organizations). We have an ISAO that we operate on behalf of managed service providers.
But the ISACs are very well established and have been around for a decade or two. It’s a community of folks, usually in a particular vertical, and they come together, and they’re looking out for each other. So, vendor doesn’t matter. Company doesn’t matter. What matters is solving for the issue at hand and making sure we keep everyone safe.
What are the cybersecurity skills that are most in-demand today?
Read more here.—BH
The best of both worlds. Pair the perks of public and private cloud computing with hybrid cloud solutions—protecting your data, controlling costs, and minimizing risk. Learn more about Dell Technologies products and solutions, powered by Intel® at delltechnologies.com. For more information, contact a Dell Technologies Advisor.
Today’s top IT reads.
Stat: $60 million. That’s how much money the “Cuba” ransomware gang has taken from victims, according to a joint advisory released last week. (CISA)
Quote: “It’ll be used for putting something like GPT-3 in your toaster for one dollar, so running on a few watts, you can have a conversation with your toaster.”—AI pioneer Geoffrey Hinton, who believes the computer of tomorrow will be “mortal” and more closely bonded with software (ZDNet)
Read: A reporter reflects on the thrill of being an 11-year-old BBS sysop in 1992. (Ars Technica)
Low-code learnin’: Remember buying software off the shelf? Anyone? These days, it’s all about saving time and $$$ with cloud services and low-code dev. OutSystems’ on-demand webinar will show you how to drive transformation with high-performance low-code. Register here.*
*This is sponsored advertising content.
- The LastPass password manager was hacked (again).
- Apple is launching a mixed-reality headset.
- Text me your keys: Android’s Google Wallet car keys will no longer be restricted to one driver.
- Hive Social turned off its servers after researchers found that private posts, private messages, and even deleted DMs could be accessed by hackers.
- North Korean hackers are using a backdoor called “Dolphin” to steal files.
Check out the IT Brew stories you may have missed.