7/7/2010
11:29 AM

Internal Sabotage Security Risks Rising

Snooping by IT administrators is also increasing, according to a survey from Cyber-Ark Software.

Can you keep a secret?

According to a survey of more than 400 IT administrators -- mostly from larger businesses -- at this year's Infosecurity Europe and RSA USA conferences, many IT administrators indulge in a little behind-the-firewall snooping.

Still, the extent of such snooping may surprise. In fact, two-thirds of respondents said they'd accessed information that wasn't relevant to their role. In addition, 41% said they even used administrative passwords to view sensitive or confidential information. That figure was a 33% increase from a similar study conducted by Cyber-Ark last year.

Inside the enterprise, respondents also outed IT as being the group most likely to snoop, given its role holding the so-called keys to the kingdom, technologically speaking.

Which records can't IT administrators stop themselves from looking at? Most often, they said, they accessed databases containing customer information or human resources records.

Interestingly, when asked what they'd take with them if fired tomorrow, two-thirds of respondents in the United States said they'd take nothing. But 17% of respondents said they'd take a database, while 2% said they'd take the CEO's e-mail password or the e-mail server administrator account password.

All of that information, of course, can also interest competitors. In fact, one-third of respondents said they'd had cases of insider sabotage or IT security fraud conducted in their workplace, and that their company's intellectual property ended up in the hands of competitors.

According to respondents, ex-employees were the leading sabotage culprits (in 37% of cases), followed by human error (28%), hacking attacks (10%), and lost devices (10%). In terms of what went missing, they suspected customer databases in 26% of cases, followed by research & development plans in 13% of cases.

Cyber-Ark said that compared with last year's survey results, companies experiencing insider sabotage had increased from 20% in 2009 to 27% in 2010. In the same timeframe, the number of IT personnel who said they'd used administrator passwords to snoop increased by 33%.

Many companies, however, appear to be aware of the threat of information going missing as a result of internal or external attackers. In the United States, 78% of respondents said that their use of privileged accounts was monitored, though 74% believed they could get around those controls, if need be. Even so, 90% believe that they -- and everyone else using the network -- should be monitored.

The issue of monitoring access to sensitive or confidential information has been top of the news lately because of leaked video footage of a U.S. helicopter attack in Iraq, for which the military has formally charged private first class Bradley Manning, an intelligence analyst. Manning reportedly snooped around two classified and air-gapped networks for over a year. His actions were discovered not by the military, but by an ex-hacker to whom Manning boasted.
