
A Disney employee hacked the menu after being fired in a revenge plot


A former Disney employee, Michael Scheuer, reportedly hacked Disney’s internal menu system after he was fired, altering allergen messages and changing fonts to unreadable Wingdings characters, according to reports from Court news.

His alleged act of retaliation, which could have endangered the safety of patrons, underscores the importance of strict offboarding practices when an employee is fired.

Revenge hacks on the rise

In cases like the alleged Disney incident involving Scheuer, “revenge” hacking attacks by former employees are a real and growing cybersecurity problem.

These types of insider threats are usually classified as “disgruntled insider” attacks, where former employees motivated by feelings of resentment or revenge use their previous access to harm the company.

This trend is of particular concern because disgruntled insiders can use their knowledge of internal systems to carry out targeted disruptions. Research shows that nearly a quarter of insider threat cases involve some form of “malicious intent,” including sabotage, data theft, and fraud.

A 2024 Securonix report highlights that companies increasingly face insiders abusing access to retaliate, with motives ranging from disagreements with management to perceptions of unfair termination.

These incidents often result in direct harm, such as data leaks, service disruptions, and financial losses, as well as indirect consequences, including reputational damage and customer trust issues.

What to do? Termination and insider threats

When employees are terminated, especially in contentious situations, companies must take reasonable steps to ensure that they no longer have access to sensitive systems.

Immediate revocation of access

Once an employee is terminated, all digital and physical access credentials must be revoked. This includes login credentials, VPN access, building access, and any other means by which the former employee may have gained access to systems or physical facilities. In cases like this Disney incident, a quick termination of access could have prevented a situation where a former employee retained the ability to allegedly access confidential platforms after termination.

In these situations, it’s a good idea to schedule a joint review between HR and IT prior to termination to ensure that each access point is identified and deactivated. This process helps avoid oversights, especially for employees who have held positions that give them access to multiple platforms.

Conduct a post-termination security audit

A thorough security audit after an employee leaves is important, especially for positions that involve access to sensitive data or administrative systems. In addition to ensuring that permissions are completely removed, this audit verifies that there are no unauthorized paths left, such as saved passwords or login credentials stored on shared devices. In cases where employees have access to sensitive areas, such as Disney’s menu systems, the checks help eliminate potential entry points for unauthorized activity.

For example, after the initial access revocation, review the logs and activity for all systems the individual had access to in the 90 days prior to termination, looking for unusual patterns or unclear permissions that may need attention. This helps avoid missing areas that may have been used by former employees.

Enhanced post-termination monitoring of high-risk systems

Monitoring systems for unusual activity in the weeks following a termination can alert security teams to unauthorized access attempts. This is especially important for employees who may have had administrative access, allowing them to modify systems or databases. Implementing real-time alerts and activity logging can be an important line of defense.

In practice, this means setting up enhanced monitoring for 30-90 days on all systems the former employee had access to, with real-time alerts on login attempts, file changes and unusual access times, so that unauthorized access attempts are detected early.
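The 90-day lookback audit and the post-termination watch window described above can be combined into one log review. The following is an added example, not part of the original article: the log format, the account names, the system names and the business-hours range are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real logs): timestamp, account, system, action.
SAMPLE_LOG = """\
2024-05-02T10:15:00 jdoe menu-admin login_success
2024-06-20T02:40:00 jdoe sftp-vendor file_change
2024-06-28T14:05:00 jdoe vpn login_success
2024-07-03T23:10:00 jdoe menu-admin login_failure
2024-07-09T01:30:00 jdoe sftp-vendor login_success
2024-07-10T09:00:00 asmith menu-admin login_success
2024-02-01T11:00:00 jdoe legacy-wiki login_success
"""

def parse(log_text):
    """Yield (timestamp, account, system, action) tuples from the sample format."""
    for line in log_text.splitlines():
        if line.strip():
            ts, account, system, action = line.split()
            yield datetime.fromisoformat(ts), account, system, action

def review_offboarding(log_text, account, terminated_at, revoked_systems,
                       lookback_days=90, watch_days=90, business_hours=(7, 19)):
    """Audit one former employee's activity around the termination time."""
    start = terminated_at - timedelta(days=lookback_days)
    end = terminated_at + timedelta(days=watch_days)
    findings = {"post_termination": [], "off_hours": [], "unrevoked_systems": set()}
    for ts, who, system, action in parse(log_text):
        if who != account or not (start <= ts <= end):
            continue
        if ts > terminated_at:
            # Any activity after termination is an alert, failed logins included.
            findings["post_termination"].append((ts, system, action))
            continue
        # Lookback window: systems used but absent from the revocation checklist.
        if system not in revoked_systems:
            findings["unrevoked_systems"].add(system)
        if not (business_hours[0] <= ts.hour < business_hours[1]):
            findings["off_hours"].append((ts, system, action))
    return findings

if __name__ == "__main__":
    result = review_offboarding(SAMPLE_LOG, "jdoe", datetime(2024, 7, 1, 17, 0),
                                revoked_systems={"menu-admin", "vpn"})
    for kind, items in result.items():
        print(kind, sorted(items))
```

Here `revoked_systems` stands for the access points the HR and IT review listed for deactivation; anything the account used in the lookback window that is not on that list is an access path the checklist missed.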

Insider threats after termination

Organizations face real challenges both outside and inside the gates. The allegations are a reminder that organizations need comprehensive offboarding procedures as part of their insider threat prevention efforts.

Revoking access, conducting background checks and monitoring activities are the main methods that can significantly reduce the risks associated with ex-employees.

By taking these precautions, businesses can better protect their operations, reputation, and customer safety, while minimizing the possibility of retaliation from disgruntled former employees.

I’ve reached out to Disney for comment, but have yet to hear back.