This week Verizon's security blog shared a real-life, jaw-dropping case study that makes the case for proactively monitoring logs from critical systems.


In this story, a developer was found to be outsourcing his development work to a team in China! He had given them his RSA token so they could VPN into the company network and upload the code he was supposed to be writing himself.


On top of that, it turned out he was "working" for a number of companies in the area, using the same outsourcing firm to do all of his work, which earned him hundreds of thousands of dollars.


His downfall was a review of the VPN logs, where the source IP address was clearly in China, which raised a red flag. From the story, it appears that all that was done over the VPN was moving finished code.


The story, however, could have gone a different direction. Had the Chinese firm used the VPN access to break in and steal sensitive data, this story would have ended far worse than it did. It makes a compelling argument for two parts of a good security strategy:


Proactive Log Monitoring - Had the customer been watching the logs all along, they may have found out about it the first time a connection was made (although, judging by the HR reviews mentioned in the story, they would have been out of some really solid code work!).

Proactive Employee Monitoring - The other way they could have told something was off far sooner is to monitor employee activity, which provides intelligence into what employees are doing day to day.
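As an added illustration of the first point (this is example code, not from the Verizon write-up or the original post), here is a small Python check over constructed VPN gateway log lines: it flags connections from countries not on an allow-list and flags an account that is active from two different countries inside a short window, the pattern a shared token produces. The log format, the GEO_PREFIXES table and the function names are assumptions for the example; a real deployment would use a GeoIP database.

```python
# Added example over constructed VPN log lines; GEO_PREFIXES stands in for a GeoIP database.
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress
import re
# Constructed prefix-to-country map (documentation ranges, not real geodata).
GEO_PREFIXES = {
    "203.0.113.0/24": "US",
    "198.51.100.0/24": "US",
    "192.0.2.0/24": "CN",
}
ALLOWED_COUNTRIES = {"US"}

# Constructed VPN gateway log lines in a syslog-like format.
SAMPLE_LOG = """\
2012-11-05T08:02:11 vpn: user=bob src=203.0.113.45 action=connect
2012-11-05T08:05:40 vpn: user=bob src=192.0.2.17 action=connect
2012-11-05T09:10:02 vpn: user=alice src=198.51.100.9 action=connect
2012-11-06T07:58:30 vpn: user=bob src=192.0.2.17 action=connect
"""
LINE_RE = re.compile(r"^(\S+) vpn: user=(\S+) src=(\S+) action=connect$")

def country_for(ip):
    """Country code for an address, or None when no prefix matches."""
    addr = ipaddress.ip_address(ip)
    for prefix, cc in GEO_PREFIXES.items():
        if addr in ipaddress.ip_network(prefix):
            return cc
    return None

def parse(log):
    """Yield (timestamp, user, source_ip) for each connect event."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, user, src = m.groups()
            yield datetime.fromisoformat(ts), user, src

def find_anomalies(log, allowed=ALLOWED_COUNTRIES, window=timedelta(hours=1)):
    """Return (timestamp, user, src, reason) for each suspicious connect."""
    alerts = []
    seen = defaultdict(list)  # user -> [(timestamp, country)]
    for ts, user, src in parse(log):
        cc = country_for(src)
        if cc not in allowed:
            alerts.append((ts, user, src, f"connect from disallowed country {cc}"))
        # Same account active from another country inside the window points
        # to a shared credential or token rather than a travelling employee.
        other = [c for t, c in seen[user] if ts - t <= window and c != cc]
        if other:
            alerts.append((ts, user, src, f"account also active from {other[0]}"))
        seen[user].append((ts, cc))
    return alerts
```

Run against the sample, the check raises three alerts, all for the shared "bob" account; tuning the allow-list and window to the organisation's actual travel patterns is what keeps the false-positive rate workable.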


A review of his browser history after the fact showed a lot of Reddit and cat videos. The employer could have known this months earlier with either a review of firewall logs or employee activity reports.


Organizations can no longer wait until something bad happens. It's no longer a question of whether a data security breach will happen; it's a question of when.

Via SpectorSoft (