One in four IT security staff admits to abusing administration privileges to pry
A detailed look at what IT security staff shared during Lieberman Software's recent password survey found that IT professionals just cannot resist peeking at information that is supposedly barred to them. It has proved just too tempting, and maybe just human nature, for them to rifle through redundancy lists, payroll information and other sensitive data including, for example, other people's Christmas bonus details.
If it's human nature to pry it is also human nature to confide in someone once you have done it. IT security staff were very forthcoming with Lieberman Software during the survey. The survey of more than 300 IT professionals shows that a fundamental lack of IT security awareness in enterprises, particularly in the arena of password control and privileged logins, is potentially paving the way for a further wave of data breaches in 2012.
- 42 percent of those surveyed said that in their organisations' IT staff are sharing passwords or access to systems or applications
- 26 percent said that they were aware of an IT staff member abusing a privileged login to illicitly access sensitive information
- 48 percent of respondents work at companies that are still not changing their privileged passwords within 90 days - a violation of most major regulatory compliance mandates and one of the major reasons why hackers are still able to compromise the security of large organisations
Philip Lieberman, President and Chief Executive Officer of Lieberman Software said: "Our survey shows that senior management at some of the largest organisations are still not taking the management of privileged access to their most sensitive information seriously. When someone can admit that they have unsupervised, unaudited and unauthorised access to all their colleague's and superior's bonus details then the IT security of that organization is seriously flawed."
He continued: "These organisations have to learn from the example of their peers who have taken this situation seriously and introduced Privileged Identity Management software to add a layer of automated security that dishonest staff cannot bypass. Organisations that fail to do this could end up in the same situation as UBS AG, which lost US $2.3 billion when rogue trader Kweku Adoboli was allowed unfetterd access to their systems and Societe Generale which lost $US 7 billion when Jerome Kerviel was allowed to run up 'secret trades' which senior management knew nothing about."
"These fundamentally careless practices and procedures revealed by the IT departments of the organisations we surveyed could cost them dearly in 2012. In many ways they should be breathing a sigh of relief that they have not been breached yet, but it's just a matter of time," Lieberman said.
Password Management and Data Breaches
Privileged accounts hold elevated permission to access files, install and run programs, and change configuration settings. Their misuse is a major reason for data leakage.
For many organisations, unmanaged privileged account passwords are the backdoors by which hackers find their way into the enterprise's most sensitive data. If almost 50% of all passwords remain unchanged, as this survey discovered, then fundamental and basic IT security practices are being ignored by staff and their senior management.
The survey was conducted by Lieberman Software at HP Protect 2011 amongst more than 300 IT professionals. The full results can be found at http://www.liebsoft.com/Password_Security_Survey/
Lieberman Software Corporation
Lieberman Software provides privileged identity management and security management solutions to more than 1000 customers worldwide, including 40 percent of the US Fortune 50. By automatically discovering and managing privileged accounts everywhere on the network, Lieberman Software helps secure access to sensitive systems and data, thereby reducing internal and external security vulnerabilities, improving IT productivity and helping ensure regulatory compliance. The company developed the first solution for the privileged identity management space, and its products continue to lead this market in features and functionality. Lieberman Software is headquartered in Los Angeles, CA with an office in Austin, TX and channel partners throughout the world. For more information, visit www.liebsoft.com.
Press releases you might also be interested in
Weitere Informationen zum Thema "Sicherheit":
Geteilte Verantwortung bringt doppelte Sicherheit
Unternehmen benötigen zunehmend die Flexibilität der Cloud. Aber dort drohen neue Gefahren. Die Plattformen der Service Provider sind zumeist sicher – aber vielen Unternehmen fehlt die Expertise, Anwendungen und Daten in der Cloud angemessen zu schützen. Cloud Access Security Broker (CASB) können helfen, diese Lücke zu schließen.Weiterlesen