Blog article
See all stories ยป

IT administrators - devious and dangerous

You might want to think twice before laying off any IT administrators because it appears they can, and more importantly will, walk away with all your company secrets.

A survey from Cyber Ark has found that of 300 IT security professionals questioned, 88% would steal valuable and sensitive company information if laid off tomorrow.

Some would walk away with the CEO's password, others would take customer databases and, most worryingly, a third would nick the company's list of privileged passwords, giving them access to all the information on the network.

A third of the administrators questioned also admit to snooping around the network looking at confidential information like salary details and personal e-mails.

So, don't mess with your IT people, they've got the power and they're not afraid to use it.

 

3856

Comments: (1)

A Finextra member
A Finextra member 28 August, 2008, 23:40Be the first to give this comment the thumbs up 0 likes

Generally they're fabulous, very hard working and dedicated people, but occasionaly you get a rogue, but only very occasionally.

Some are probably doing things their managing directors may not 'know' about, such as hacking competitors etc, and this can lead to serious issues for the companies and their financial industry clients. It can also lead very quickly to jail, that is, if the competitor chooses that course of action as redress.

Other less ethical victims may choose other courses of action.

Next time your bank suffers a serious attack consider that it may be as a result of a rogue in your (or your network provider's) staff going above and beyond their job description.

Insider's, especially systems administrators must be properly controlled and measures put in place to prevent such staff from doing bad things if they are terminated. External audits need to be carried out to ensure such staff have not introduced back doors.

The situation such as Lloyds with the staff knowing customer's passwords is beyond belief. If they sack the worker, do they have to change every customer's password, along with all of the staff?

An ounce of prevention is better than a pound of cure.

There is at least one banking infrastructure provider in the UK with such rogue staff, either that or their leaving their systems open for others to use it to launch attacks (even more dangerous).

The most dangerous are actually the corporate leaders who assume it'll be all right, because sometimes it won't and the repercussions could be serious for the organisation.

At the least a little look in the eye and ask the question could be in order, as I don't expect you'll gain much insight from a memo. If in doubt then sort it out.

 

Matt White

Matt White

North America editor

Finextra

Member since

27 Nov 2006

Location

Toronto

Blog posts

85

Comments

185

More from Matt

This post is from a series of posts in the group:

Information Security

The risks from Cyber cime - Hacking - Loss of Data Privacy - Identity Theft and other topical threats - can be greatly reduced by implementation of robust IT Security controls ...


See all