Here’s another reason why it’s a good idea to periodically go through a security audit – a Verizon software developer was discovered to have been ‘outsourcing’ his job to a Chinese firm. The developer apparently gave his VPN login credentials to the company, who had been logging in and working for a fraction of the developer’s own salary. The developer also had to take the extraordinary step of sending his physical RSA token to China via FedEx so that his contractor could continue to impersonate him.
This type of behavior is surprising, but it goes to show what critical information can be revealed during a routine security audit. A third-party firm that was hired to do the audit had initially thought that the connection between China and the end-user was the result to malware, and that the Chinese company had possibly breached Verizon’s defenses.