Internal Sabotage Security Risks Rising
Snooping by IT administrators is also increasing, according to a survey from Cyber-Ark Software.
Can you keep a secret?
According to a survey of more than 400 IT administrators -- mostly from larger businesses -- at this year's at Infosecurity Europe and RSA USA conferences, many IT administrators indulge in a little behind-the-firewall snooping.
More Security Insights
White PapersMore >>
Still, the extent of such snooping may surprise. In fact, two-thirds of respondents said they'd accessed information that wasn't relevant to their role. In addition, 41% said they even used administrative passwords to view sensitive or confidential information. That figure was a 33% increase from a similar study conducted by Cyber-Ark last year.
Inside the enterprise, respondents also outed IT as being the group most likely to snoop, given its role holding the so-called keys to the kingdom, technologically speaking.
Which records can't IT administrators stop themselves from looking at? Most often, they said, they accessed databases containing customer information or human resources records.
Interestingly, when asked what they'd take with them if fired tomorrow, two-thirds of respondents in the United States said they'd take nothing. But 17% of respondents said they'd take a database, while 2% said they'd take the CEO's e-mail password or the e-mail server administrator account password.
All of that information, of course, can also interest competitors. In fact, one-third of respondents said they'd had cases of insider sabotage or IT security fraud conducted in their workplace, and that their company's intellectual property ended up in the hands of competitors.
According to respondents, ex-employees were the leading sabotage culprits (in 37% of cases), followed by human error (28%), hacking attacks (10%), and lost devices (10%). In terms of what went missing, they suspected customer databases in 26% of cases, followed by research & development plans in 13% of cases.
Cyber-Ark said that compared last year's survey results, companies experiencing insider sabotage had increased from 20% in 2009 to 27% in 2010. In the same timeframe, the number of IT personnel who said they'd used administrator passwords to snoop increased by 33%.
Many companies, however, appear to be aware of the threat of information going missing as a result of internal or external attackers. In the United States, 78% of respondents said that their use of privileged accounts was monitored, though 74% believed they could get around those controls, if need be. Even so, 90% believe that they -- and everyone else using the network -- should be monitored.
The issue of monitoring access to sensitive or confidential information has been top of the news lately because of leaked video footage of a U.S. helicopter attack in Iraq, for which the military has formally charged private first class Bradley Manning, an intelligence analyst. Manning reportedly snooped around two classified and air-gapped networks for over a year. His actions were discovered not by the military, but by an ex-hacker to whom Manning boasted.
Can't make it to the Black Hat USA security conference this July? With Black Hat Uplink, you can experience the presentations online. Events will be streamed live on July 28-29, but you will be able to view Uplink presentations for 90 days after that. Click here to find out more.