Solved Case Study: UBS PaineWebber’s business operations debilitated by malicious code


 

How could this disaster have been prevented? What policies, procedures, or technology could have prevented such an attack by an employee with full network access?

It is always unpredictable which employee can harm the operations of a company because he/she has access codes to different systems. I think that there is a mental and psychological aspect of this case which needed to be properly handled. For example, during the interviews, there could have been some psychological tests that prevented people like Duronio from joining the company. Also, the managers needed to be more vigilant about the activities of the employees. Duronio must have had some visible activities that could have allowed the managers to judge his mental status. The managers must make a proper evaluation of the employees when they are assigning access to sensitive areas, to prevent activities like Duronio's erasing of the data from servers. Duronio needed to have some permissions but not all. Permissions can be set when a user name is made and even after it has been made. The company needed to have some backup plan for such events because this could even happen as a result of a natural disaster.

 

Second Opinion

UBS PaineWebber suffered a huge setback and got hacked by one of its employees. It has been said that it may have been done out of spite due to the lack of salary he was receiving. He was able to erase their servers and have them down for weeks. This disaster could have been prevented in different ways. Duronio, the employee who did this, could have been evaluated to see how his mental capabilities could affect his work. Managers could have taken things into consideration to see if he deserved what he thought he needed. What the company really should have done, and built into procedures and policy, is allow only certain people to have access to the things that Duronio had. Employees should have limited access, so that they are only able to access what they are assigned to do. The company should have foreseen that something similar to this could happen and therefore created software that would detect and fight back. The company is liable for not having limitations and periodically changing information so that not just any employee could access it.