Ex-Cisco Employee Deleted 16,000 WebEx Accounts and Faces Criminal Charges
Table of Contents
- By Dawna M. Roberts
- Published: Dec 18, 2020
- Last Updated: Mar 18, 2022
A former Cisco employee connected to Cisco’s AWS servers without authorization after he no longer worked there and destroyed 456 virtual machines and deleted more than 16,000 WebEx accounts. He pleaded guilty in July and now faces serious consequences.
What Happened?
Former Cisco employee Sudhish Kasaba Ramesh, 31, who lives in San Jose, faces 24 months in prison after accessing Cisco servers after leaving his employment there as an engineer.
Ramesh did not supply details as to why he did it. The fraud took place five months after he had quit his job with Cisco. The servers were hosted on Amazon Web Services, and he logged on, ran a script that deleted 456 virtual machines and more than 16,000 WebEx users used by its WebEx Teams department.
Cisco pressed charges and proceeded legally as soon as they discovered the sabotage. Ramesh eventually apologized for the damage but never provided any reason. Along with his prison sentence, the U.S. District Court in California ordered him to pay a $15,000 fine. He will also face additional one-year probation (supervised release) following his two-year in prison.
The Aftermath
According to ZDNet, this particular incident cost the company $2.4 million in losses; it took them two weeks to fix the damage and recover the accounts, which cost $1,400,000 in labor and $1,000,000 in customer refunds.
Ramesh’s current employer, Stich Fix, fired him immediately upon hearing about the sabotage and willful destruction of his former employer’s servers. He is scheduled to begin his prison sentence on February 10, 2021.
The Dangers of Leaving Company Resources Open
According to statistics, 25-30% of data breaches were perpetrated by current employees or former disgruntled employees accessing servers after leaving their employment.
It is unclear, and Cisco failed to comment on why Ramesh was able to access these servers well after he had left employment. However, with the majority of Americans working from home due to the pandemic, companies need to be more careful than ever before about leaving doors open after employees leave. Some suggested security measures are:
- When an employee leaves voluntarily or by firing, change all passwords they had access to, revoke VPN or other server access and disable all user accounts.
- Hire independent threat assessors to come in and evaluate your systems looking for vulnerabilities.
- Install network monitoring systems and set up alerts for any unauthorized access or unusual access (by employees who have left or at odd hours of the day/night).
- Update hiring policies to explicitly spell out how, when, and to what degree employees can access data remotely. Have each employee sign it with the understanding that a violation could mean criminal charges.
- Vet all third-party cloud-based services carefully before storing company-reliant information or data on them. Many data breaches have occurred by using weak third-party vendors who did not have the security protocols to keep things safe.
- Partner with an outside security firm to keep an eye on all network traffic and data access across all channels.
- Educate all staff members, so you have eyes and ears everywhere. The better they know how to avoid data breaches and fraud, the better.
- Limit access to only those who need the information to do their jobs.
- Use behavior assessment tools to gauge who may or may not be trustworthy around sensitive data.
- Safeguard all data and files against copying or transferring.
- Implement geo-fencing and time-fencing mechanisms to control who can access what data from specific locations and during particular times of the day.