Database access allows employee to place malcode on database server.
After being informed of his termination, former employee of the Transportation Security Administration (TSA), Douglas James Duchack, was indicted for trying to corrupt a database of terrorism suspects at TSA's Colorado Springs Operations Center. After his job was terminated last October, Duchack allegedly place malcode into Colorado Springs Operations Center server containing data from the former database. He now faces up to 10 years in prison and a $500,000 fine if convicted.
Slavik Markovich, chief technology officer at Sectrigo, points out that this is a good reminder of why it is so important to monitor all user activity as internal users, especially those with privileged access like systems administrators, developers, or DBAs, can easily bypass many of the standard security tools that exist in most organizations.