ST. PETERSBURG David Scott decided he had to cut ties with one of his contract workers.
A web developer, the man was proving unreliable, said Scott, owner of the small St. Petersburg-based web design and marketing company Cosmic Digital Design. Scott delivered the news in March.
Within hours, sites that Cosmic Digital had designed for client companies began disappearing from the web. Somebody had logged into the servers remotely and deleted files. It cost Cosmic about $277,000 in lost product.
Scott feared he might be the victim of an inside hit a modern scourge thats real and growing for businesses large and small as they come to rely more heavily on information technology.
“It was a pretty devastating attack,” Scott said. “We werent prepared for something like this.”
Before the attack, security was low on Scotts priority list. Visual art and design have always been his passion.
He worked as an illustrator after graduating from Southern Methodist University in Dallas, then went to Bermuda for a few years to work at a friends graphic design firm. He settled in the Tampa Bay area and opened Cosmic Digital Design in 2007, with an eye on getting a slice of the investments companies were making in their websites.
By 2017, more than half of Cosmic Digitals business was web-based design, Scott said. So he hired contract web developers to do what he couldnt. One of them was Ivan Marik, who came aboard in late 2015.
“Essentially he was in charge of making sure all the websites functioned the way theyre supposed to,” Scott said.
Scott was the artist, while Marik was supposed to turn his visuals into a working website.
Marik was loyal and dedicated, always in the office to address problems as they arose and answer any questions.
“He did a pretty good job,” Scott said. “I was pretty happy with him.”
Things went downhill at the beginning of 2017.
Marik wasnt coming in regularly any longer. Hed say he was sick or had family issues, but Scott didnt feel it was his place to pry. What mattered to him, he said, was that Marik was missing deadlines.
Things came to a head when Marik was building a website for one of Cosmic Digitals larger client companies. The client wasnt happy with the work, Scott said. He told Marik they needed to go in a different direction but Marik resisted, so Scott took him off the project, he said.
The work had represented the bulk of Mariks responsibilities. Afterward, Scott said, he couldnt afford to keep Marik around.
“I had to make a decision and let him go.”
Scott declined to describe their March 16 conversation.
“What I will say is the news didnt go over very well with him,” he said.
That was 2 p.m.
Around 5 p.m., Scott was on the phone with one of his clients and he tried to pull up the clients website. But all that would load was a blank screen. So he checked another site, and found the same thing. And another, and another.
“Then panic set in,” Scott said, “and I realized at that point in time what had happened.”
In all, 13 of his sites had been deleted. He had backups for about half, but the ones that couldnt immediately be recovered included three of his biggest clients.
Scott checked his server logs first thing the next morning and identified the unique IP address he believed was responsible for the hack. He contacted St. Petersburg police who, due to the technical nature of the investigation, referred it to the Florida Department of Law Enforcement.
FDLE investigators linked the IP address to Marik, and they arrested him Nov. 1.
Marik, contacted by the Tampa Bay Times after he posted bail, denied that he accessed Cosmic Digitals servers and deleted files.
“I dont know what youre talking about,” Marik said by phone. “I have nothing to say about that. This is an ongoing case and Im not going to discuss any of that crap.”
Scott stands by his story.
“I have his digital footprint,” Scott said. “I have his IP address showing he accessed the website servers at that particular time. And the server logs do show that that IP address deleted files.”
Afterward, Scott was able to rebuild the sites he had lost.
“Weve basically recovered from it, but it did cost us some relationships,” he said.
The episode highlights an all too common problem. On average, successful insider attacks cost companies about $445,000, according to a 2015 study referenced by a Carnegie Mellon University report. With an average of 3.8 insider attacks per year, the cost to a company can reach $1.7 million, the report said.
Even Twitter, valued at more than $15 billion, fell victim to an insider attack this month when a contractor who was leaving the company disabled President Donald Trumps account.
Since the attack on Scotts company, he installed firewalls on all his websites. And he wont work with developers who require certain administrative privileges on his servers.
Security strategies vary by industry and company, but there are easy ways businesses can defend themselves from those on the inside. One is establishing a protocol to share network access with new employees and revoke it from departing employees, said FDLE Special Agent Corey Monaghan, who specializes in crimes that involve network intrusion and investigated Cosmic Digitals case.
Another is to ensure all employees have their own logon credentials and to encourage strong passwords, so internal leaks or breaches can be traced to one person, Monaghan said.
And because many people who commit insider attacks are unhappy on the job, Monaghan said, information technology departments at larger companies should work closely with human resources to identify disgruntled employees and, if necessary, pay extra attention to their network activity.
Scott called his experience “a cautionary tale.” Cosmic Digital wasnt ready for an insider attack.
“It is now,” he said. “If youre going to dabble in website design, youve got to pay attention to security.”
Contact Josh Solomon at (813) 909-4613 or [email protected] Follow @ByJoshSolomon.