Chris Correa, a former scouting director for the American Major League Baseball team the St Louis Cardinals, was sentenced this week to 46 months in jail for hacking into the systems of rival team the Houston Astros.
In 2015 he was sacked by the Cardinals following his arrest for allegedly accessing various systems operated by Houston using the credentials of a former Astros employee who was by then on the Cardinals' payroll. In addition to the jail sentence, he has been ordered to repay over £200,000 in compensation.
Cyber espionage incidents such as this show no signs of slowing: according to the Verizon Data Breach Investigations Report 2016, 90% of espionage breaches last year resulted in the capture of trade secrets. Incidents that involve former and/or disgruntled employees are more focused and determined, and the attacker's existing knowledge of internal systems must be taken into account.
It is therefore important to ensure that both your external and internal security postures are sufficient to mitigate these types of attack. When assessing defences, it is common to find that organisations assume attacks will come from outside the perimeter, from an attacker with little or no knowledge of the business's systems. Incidents like the Cardinals case are a reminder that it is important to adopt a defence-in-depth approach that encompasses both sides of the fence, ensuring every base is covered, and to make sure security policies and penetration testing strategies reflect this.
If you would like a no-nonsense discussion about your company's ability to withstand a cyber attack, get in touch with us today.