Vulnerabilities / Threats
7/7/2010
11:29 AM
50%
50%

Internal Sabotage Security Risks Rising

Snooping by IT administrators is also increasing, according to a survey from Cyber-Ark Software.

Can you keep a secret?

According to a survey of more than 400 IT administrators -- mostly from larger businesses -- at this year's at Infosecurity Europe and RSA USA conferences, many IT administrators indulge in a little behind-the-firewall snooping.

Still, the extent of such snooping may surprise. In fact, two-thirds of respondents said they'd accessed information that wasn't relevant to their role. In addition, 41% said they even used administrative passwords to view sensitive or confidential information. That figure was a 33% increase from a similar study conducted by Cyber-Ark last year.

Inside the enterprise, respondents also outed IT as being the group most likely to snoop, given its role holding the so-called keys to the kingdom, technologically speaking.

Which records can't IT administrators stop themselves from looking at? Most often, they said, they accessed databases containing customer information or human resources records.

Interestingly, when asked what they'd take with them if fired tomorrow, two-thirds of respondents in the United States said they'd take nothing. But 17% of respondents said they'd take a database, while 2% said they'd take the CEO's e-mail password or the e-mail server administrator account password.

All of that information, of course, can also interest competitors. In fact, one-third of respondents said they'd had cases of insider sabotage or IT security fraud conducted in their workplace, and that their company's intellectual property ended up in the hands of competitors.

According to respondents, ex-employees were the leading sabotage culprits (in 37% of cases), followed by human error (28%), hacking attacks (10%), and lost devices (10%). In terms of what went missing, they suspected customer databases in 26% of cases, followed by research & development plans in 13% of cases.

Cyber-Ark said that compared last year's survey results, companies experiencing insider sabotage had increased from 20% in 2009 to 27% in 2010. In the same timeframe, the number of IT personnel who said they'd used administrator passwords to snoop increased by 33%.

Many companies, however, appear to be aware of the threat of information going missing as a result of internal or external attackers. In the United States, 78% of respondents said that their use of privileged accounts was monitored, though 74% believed they could get around those controls, if need be. Even so, 90% believe that they -- and everyone else using the network -- should be monitored.

The issue of monitoring access to sensitive or confidential information has been top of the news lately because of leaked video footage of a U.S. helicopter attack in Iraq, for which the military has formally charged private first class Bradley Manning, an intelligence analyst. Manning reportedly snooped around two classified and air-gapped networks for over a year. His actions were discovered not by the military, but by an ex-hacker to whom Manning boasted.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-8802
Published: 2015-01-23
The Pie Register plugin before 2.0.14 for WordPress does not properly restrict access to certain functions in pie-register.php, which allows remote attackers to (1) add a user by uploading a crafted CSV file or (2) activate a user account via a verifyit action.

CVE-2014-9623
Published: 2015-01-23
OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quote and cause a denial of service (disk consumption) by deleting an image in the saving state.

CVE-2014-9638
Published: 2015-01-23
oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a WAV file with the number of channels set to zero.

CVE-2014-9639
Published: 2015-01-23
Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (crash) via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory access.

CVE-2014-9640
Published: 2015-01-23
oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted raw file.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
If you’re a security professional, you’ve probably been asked many questions about the December attack on Sony. On Jan. 21 at 1pm eastern, you can join a special, one-hour Dark Reading Radio discussion devoted to the Sony hack and the issues that may arise from it.