A woman mistakenly thinking she was about to be fired allegedly took revenge on her employer by going into the office late one evening and deleting data files worth $2.5m. Although the deleted data were later retrieved (whether from backups or by 'undeleting' them is not stated), the potential remains for trusted insiders with access to corporate IT assets to cause enormously costly damage by sabotage.
Deliberate or accidental sabotage by backup operators are tough threats to control against. They have both physical and logical access to servers and their data, often work unsupervised out-of-hours, and are mostly relatively junior staff. Trust is the primary control, though many would argue that it is no control at all, merely blind faith in many cases. The risks can be reduced by various security control measures, such as:
- Alternating backup operators
- Combining on- and off-site backups
- Tightly controlling physical access to backup storage and especially archives
- Closer management supervision and/or physical monitoring of trusted employees working in the data center
- Better training and automation of backup processes, reducing the need to give backup ops unrestricted logical access to data
- Better HR processes for monitoring employees in such trusted positions and more respect for the valuable jobs they perform.