Vulnerabilities / Threats
7/7/2010
11:29 AM
Connect Directly
RSS
E-Mail
50%
50%

Internal Sabotage Security Risks Rising

Snooping by IT administrators is also increasing, according to a survey from Cyber-Ark Software.

Can you keep a secret?

According to a survey of more than 400 IT administrators -- mostly from larger businesses -- at this year's at Infosecurity Europe and RSA USA conferences, many IT administrators indulge in a little behind-the-firewall snooping.

Still, the extent of such snooping may surprise. In fact, two-thirds of respondents said they'd accessed information that wasn't relevant to their role. In addition, 41% said they even used administrative passwords to view sensitive or confidential information. That figure was a 33% increase from a similar study conducted by Cyber-Ark last year.

Inside the enterprise, respondents also outed IT as being the group most likely to snoop, given its role holding the so-called keys to the kingdom, technologically speaking.

Which records can't IT administrators stop themselves from looking at? Most often, they said, they accessed databases containing customer information or human resources records.

Interestingly, when asked what they'd take with them if fired tomorrow, two-thirds of respondents in the United States said they'd take nothing. But 17% of respondents said they'd take a database, while 2% said they'd take the CEO's e-mail password or the e-mail server administrator account password.

All of that information, of course, can also interest competitors. In fact, one-third of respondents said they'd had cases of insider sabotage or IT security fraud conducted in their workplace, and that their company's intellectual property ended up in the hands of competitors.

According to respondents, ex-employees were the leading sabotage culprits (in 37% of cases), followed by human error (28%), hacking attacks (10%), and lost devices (10%). In terms of what went missing, they suspected customer databases in 26% of cases, followed by research & development plans in 13% of cases.

Cyber-Ark said that compared last year's survey results, companies experiencing insider sabotage had increased from 20% in 2009 to 27% in 2010. In the same timeframe, the number of IT personnel who said they'd used administrator passwords to snoop increased by 33%.

Many companies, however, appear to be aware of the threat of information going missing as a result of internal or external attackers. In the United States, 78% of respondents said that their use of privileged accounts was monitored, though 74% believed they could get around those controls, if need be. Even so, 90% believe that they -- and everyone else using the network -- should be monitored.

The issue of monitoring access to sensitive or confidential information has been top of the news lately because of leaked video footage of a U.S. helicopter attack in Iraq, for which the military has formally charged private first class Bradley Manning, an intelligence analyst. Manning reportedly snooped around two classified and air-gapped networks for over a year. His actions were discovered not by the military, but by an ex-hacker to whom Manning boasted.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-1544
Published: 2014-07-23
Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger cer...

CVE-2014-1547
Published: 2014-07-23
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2014-1548
Published: 2014-07-23
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2014-1549
Published: 2014-07-23
The mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer function in Mozilla Firefox before 31.0 and Thunderbird before 31.0 does not properly allocate Web Audio buffer memory, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and applica...

CVE-2014-1550
Published: 2014-07-23
Use-after-free vulnerability in the MediaInputPort class in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging incorrect Web Audio control-message ordering.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Sara Peters hosts a conversation on Botnets and those who fight them.