Join the Community

22,037

Expert opinions

43,964

Total members

420

New members (last 30 days)

182

New opinions (last 30 days)

28,682

Total comments

Join Sign in

IT administrators - devious and dangerous

28 August 2008 1 comment

Matt White

North America editor

Finextra

You might want to think twice before laying off any IT administrators because it appears they can, and more importantly will, walk away with all your company secrets.

A survey from Cyber Ark has found that of 300 IT security professionals questioned, 88% would steal valuable and sensitive company information if laid off tomorrow.

Some would walk away with the CEO's password, others would take customer databases and, most worryingly, a third would nick the company's list of privileged passwords, giving them access to all the information on the network.

A third of the administrators questioned also admit to snooping around the network looking at confidential information like salary details and personal e-mails.

So, don't mess with your IT people, they've got the power and they're not afraid to use it.

External

This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

4180

Report

Information Security

The risks from Cyber cime - Hacking - Loss of Data Privacy - Identity Theft and other topical threats - can be greatly reduced by implementation of robust IT Security controls ...

Join group

216 opinions 45 members 04 November 2024

Comments: (1)

A Finextra member

28 August 2008

Generally they're fabulous, very hard working and dedicated people, but occasionaly you get a rogue, but only very occasionally.

Some are probably doing things their managing directors may not 'know' about, such as hacking competitors etc, and this can lead to serious issues for the companies and their financial industry clients. It can also lead very quickly to jail, that is, if the competitor chooses that course of action as redress.

Other less ethical victims may choose other courses of action.

Next time your bank suffers a serious attack consider that it may be as a result of a rogue in your (or your network provider's) staff going above and beyond their job description.

Insider's, especially systems administrators must be properly controlled and measures put in place to prevent such staff from doing bad things if they are terminated. External audits need to be carried out to ensure such staff have not introduced back doors.

The situation such as Lloyds with the staff knowing customer's passwords is beyond belief. If they sack the worker, do they have to change every customer's password, along with all of the staff?

An ounce of prevention is better than a pound of cure.

There is at least one banking infrastructure provider in the UK with such rogue staff, either that or their leaving their systems open for others to use it to launch attacks (even more dangerous).

The most dangerous are actually the corporate leaders who assume it'll be all right, because sometimes it won't and the repercussions could be serious for the organisation.

At the least a little look in the eye and ask the question could be in order, as I don't expect you'll gain much insight from a memo. If in doubt then sort it out.

Report