Vulnerabilities / Threats
7/7/2010
11:29 AM
Connect Directly
RSS
E-Mail
50%
50%

Internal Sabotage Security Risks Rising

Snooping by IT administrators is also increasing, according to a survey from Cyber-Ark Software.

Can you keep a secret?

According to a survey of more than 400 IT administrators -- mostly from larger businesses -- at this year's at Infosecurity Europe and RSA USA conferences, many IT administrators indulge in a little behind-the-firewall snooping.

Still, the extent of such snooping may surprise. In fact, two-thirds of respondents said they'd accessed information that wasn't relevant to their role. In addition, 41% said they even used administrative passwords to view sensitive or confidential information. That figure was a 33% increase from a similar study conducted by Cyber-Ark last year.

Inside the enterprise, respondents also outed IT as being the group most likely to snoop, given its role holding the so-called keys to the kingdom, technologically speaking.

Which records can't IT administrators stop themselves from looking at? Most often, they said, they accessed databases containing customer information or human resources records.

Interestingly, when asked what they'd take with them if fired tomorrow, two-thirds of respondents in the United States said they'd take nothing. But 17% of respondents said they'd take a database, while 2% said they'd take the CEO's e-mail password or the e-mail server administrator account password.

All of that information, of course, can also interest competitors. In fact, one-third of respondents said they'd had cases of insider sabotage or IT security fraud conducted in their workplace, and that their company's intellectual property ended up in the hands of competitors.

According to respondents, ex-employees were the leading sabotage culprits (in 37% of cases), followed by human error (28%), hacking attacks (10%), and lost devices (10%). In terms of what went missing, they suspected customer databases in 26% of cases, followed by research & development plans in 13% of cases.

Cyber-Ark said that compared last year's survey results, companies experiencing insider sabotage had increased from 20% in 2009 to 27% in 2010. In the same timeframe, the number of IT personnel who said they'd used administrator passwords to snoop increased by 33%.

Many companies, however, appear to be aware of the threat of information going missing as a result of internal or external attackers. In the United States, 78% of respondents said that their use of privileged accounts was monitored, though 74% believed they could get around those controls, if need be. Even so, 90% believe that they -- and everyone else using the network -- should be monitored.

The issue of monitoring access to sensitive or confidential information has been top of the news lately because of leaked video footage of a U.S. helicopter attack in Iraq, for which the military has formally charged private first class Bradley Manning, an intelligence analyst. Manning reportedly snooped around two classified and air-gapped networks for over a year. His actions were discovered not by the military, but by an ex-hacker to whom Manning boasted.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3090
Published: 2014-09-23
IBM Rational ClearCase 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

CVE-2014-3101
Published: 2014-09-23
The login form in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not insert a delay after a failed authentication attempt, which makes it easier for remote attackers to obtain access via a brute-force attack.

CVE-2014-3103
Published: 2014-09-23
The Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http...

CVE-2014-3104
Published: 2014-09-23
IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

CVE-2014-3105
Published: 2014-09-23
The OSLC integration feature in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account n...

Best of the Web
Dark Reading Radio