
IT administrators admit they’d steal data

By Iain Thomson
28 August 2008 04:08PM

A survey of 300 IT administrators found that 88 per cent said they would steal company secrets if they were laid off.

The target information included the CEO’s passwords, the customer database, R&D plans, financial reports, M&A plans and, most importantly, the company’s list of privileged passwords, which over a third said they would take.

“Most company directors are blissfully unaware of the administrative or privileged passwords that their IT guys have access to which allows them to see everything that is going on within the company. These privileged identities, which lie on hundreds of servers and applications, very rarely get changed as it’s often considered too much hassle,” said Udi Mokady, chief executive of security firm Cyber-Ark.

“Our advice is secure the most privileged data, and routinely change and manage them, so that if an employee’s contract is terminated, whether sacked or made redundant, they can’t maliciously play havoc inside the network or vindictively steal data for competitive or financial gain.”

Over a third of administrators also admitted to using privileged passwords to snoop on the network, looking up salaries and other personnel details as well as confidential business information and the web viewing habits of other staff.

The survey also showed alarmingly poor levels of security practice among administrators.

Over a third admitted to writing passwords on Post-it notes and leaving them on monitors, 35 per cent to sending confidential information via unencrypted email and four per cent to trusting it to the post.

Copyright © 2008 vnunet.com

   


Comments: 1
Accountability is a good way to minimise this risk.

Set up proper logging systems and where possible, don’t allow an individual sys admin the permissions to disable it.

Rather than having full sys admins, a more secure solution is to set up “almost-admin” accounts with the same permissions except that the “almost-admins” can’t clear logs or reset the full network administrator passwords. You’d then keep the first half of the full administrator(s) password(s) in your security documentation and entrust the second half to at least 2 trusted staff members who don’t have access to the security docs (2 or more for “liveware” redundancy).

This might not stop everything, but I bet fewer sys admins would do some of the things in this story if they knew their actions were being recorded.

Good logs also make it easier to reverse a malicious sys admin’s actions.

Chris Fry
http://www.chris-fry.com

Posted by Chris Fry, Sep 1, 2008 5:13 PM