You’ve probably heard the old saying, “One person’s trash is another person’s treasure.” In the world of cybersecurity, however, one person’s trash is often just a massive, expensive headache.
A recent story out of Houston serves as a perfect, messy example. A disgruntled former IT contractor for Waste Management decided to go rogue. According to reports, after being let go, this individual, let’s call him the “Digital Vandal”, allegedly managed to pose as another contractor, sneak back into the network, and run a script that reset about 2,500 passwords.
The result? Thousands of employees locked out, customer service disrupted, and a cleanup bill reportedly topping $862,000. It’s the digital equivalent of backing up a dump truck and unloading it right in the corporate lobby.
But here is the thing: this wasn’t some sophisticated, “Mission Impossible” laser-grid heist. It was a failure of identity management. And it is exactly the kind of mess we built Agilicus AnyX to prevent.
The Masquerade Ball
The article mentions that the attacker “posed as another contractor.” In traditional IT setups, this is frighteningly easy. Contractors often share generic accounts (think contractor1 with a password on a sticky note), or they are issued a company-specific email address that someone forgets to disable when they leave.
It is a lot like giving your house key to a dog walker. If you fire the dog walker but forget to ask for the key back, or if they made a copy, they can walk right back in and rearrange your furniture.
The Fix: Bring Your Own Identity (BYOI)
This is where Agilicus AnyX flips the script. Our unique approach is based on a simple premise: users should use their own identity, not one you create for them.
If Waste Management had been using Agilicus AnyX, the setup would have looked very different. Instead of issuing the contractor a wm.com email or a shared login, they would have granted access to maxwell@contracting-firm.com. The user logs in using Single Sign-On with their own company’s credentials.
Why does this matter? Because of the “kill switch” effect.
In the real-world scenario, when the contractor was fired, his boss at the contracting firm likely disabled his maxwell@contracting-firm.com account immediately to protect their own assets.
If Agilicus AnyX were in place, that action would have instantly propagated to Waste Management’s systems. The next time the Digital Vandal tried to log in to the Waste Management network, Agilicus would check with his home identity provider. The provider would say, “Sorry, this account is disabled,” and Agilicus would slam the door shut.
No password reset scripts. No masquerading. No $862,000 cleanup bill.
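The difference between a static contractor account and a login that defers to the contractor's home identity provider can be modelled in a few lines. This is an added example, not Agilicus code or anything from the incident reports: `HomeIdP`, `Gateway`, the 900-second session lifetime and the `sticky-note` password are hypothetical, and only `contractor1` and `maxwell@contracting-firm.com` come from the text above.

```python
import hmac
from dataclasses import dataclass, field

@dataclass
class HomeIdP:
    """Stand-in for the contracting firm's identity provider (constructed)."""
    enabled: dict = field(default_factory=dict)   # user -> account enabled?

    def authenticate(self, user: str) -> bool:
        # A real IdP runs the full SSO exchange; only account status is modelled.
        return self.enabled.get(user, False)

@dataclass
class Gateway:
    """Hypothetical relying party in front of the customer's network."""
    idp: HomeIdP
    local_accounts: dict = field(default_factory=dict)  # static user -> password
    session_ttl: int = 900                              # seconds (assumed value)
    sessions: dict = field(default_factory=dict)        # user -> expiry time

    def login_local(self, user: str, password: str) -> bool:
        # Static credential: stays valid until someone here disables it.
        stored = self.local_accounts.get(user)
        return stored is not None and hmac.compare_digest(stored, password)

    def login_federated(self, user: str, now: int) -> bool:
        # Account status is decided by the home IdP at every login.
        if not self.idp.authenticate(user):
            return False
        self.sessions[user] = now + self.session_ttl
        return True

    def session_valid(self, user: str, now: int) -> bool:
        return self.sessions.get(user, 0) > now

def offboarding_scenario() -> dict:
    user = "maxwell@contracting-firm.com"
    idp = HomeIdP(enabled={user: True})
    gw = Gateway(idp, local_accounts={"contractor1": "sticky-note"})
    r = {"login_before": gw.login_federated(user, now=0)}
    idp.enabled[user] = False                 # the firm disables the account
    r["shared_account_after"] = gw.login_local("contractor1", "sticky-note")
    r["federated_login_after"] = gw.login_federated(user, now=61)
    r["old_session_at_61s"] = gw.session_valid(user, now=61)
    r["old_session_at_901s"] = gw.session_valid(user, now=901)
    return r

if __name__ == "__main__":
    for check, outcome in offboarding_scenario().items():
        print(f"{check}: {outcome}")
```

In this model the session issued before the account was disabled stays valid until its lifetime runs out, so the block happens at the next login rather than mid-session. Short session lifetimes or periodic re-checks against the identity provider narrow that window.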
Operational Technology and the Critical Infrastructure Risk
While this incident hit the IT side of things, we have to remember that waste management is inherently industrial. It is critical infrastructure. When trucks stop rolling or sorting facilities go dark, garbage piles up. That becomes a public health issue fast.
Agilicus AnyX is designed specifically for this intersection of IT and Operational Technology. We protect the systems that control the physical world: programmable logic controllers (PLCs), SCADA systems, and HMIs.
In Operational Technology environments, safety is everything. You cannot afford to have a former employee logging into a water treatment plant or a waste processing facility from their couch. By using unified authentication, which supports Multi-factor Authentication even on old legacy equipment that doesn’t natively support it, we ensure that the person clicking the mouse is exactly who they say they are.
Don’t Get Dumped On
The lesson here is that relying on static usernames and passwords for third-party vendors is a risk you don’t need to take. It creates a disconnect between a user’s employment status and their access privileges.
With Agilicus AnyX, access is tied directly to the user’s current, valid identity.[2] You don’t need to manage their passwords, and you don’t need to worry about resetting them.[2] When they are out, they are out.
Don’t let a disgruntled ex-employee trash your network. Secure your remote access, unify your authentication, and keep the lid on your critical infrastructure.
