Survey: Businesses Need Better Staff Controls


A survey of a surprisingly candid group of 300 IT professionals reveals an urgent enterprise need for solutions providers to help manage IT folks who can’t seem to control their curiosity.

Lieberman Software recently surveyed more than 300 IT professionals and found a fundamental lack of IT security awareness in enterprises, particularly in the areas of password control and privileged logins — potentially paving the way for a wave of data breaches in 2012.

The findings place a spotlight on a need for solution providers to implement different and more stringent controls on IT staffers to prevent the high-profile breaches that have involved IT professionals not just snooping around sensitive information or communications, but also breaching systems for personal financial gain.

Lieberman CEO Philip Lieberman noted a couple of recent examples including the case of UBS AG, which lost $2.3 billion when a rogue trader was allowed unfettered access to its systems, and Societe Generale, which lost $7 billion when an employee with access privileges was allowed to run up “secret trades” that senior management knew nothing about.

While the digital aspect comes first, it is, after all, people who are touching these boxes. Lieberman’s survey found that some IT professionals admitted they just couldn’t resist peeking at information that was supposed to be barred to them. A full 26 percent admitted to using privileged login rights to look at confidential information they should not have had access to in the first place.

Seems it proved just too tempting, and maybe just human nature, said Lieberman, for them to rifle through redundancy lists, payroll information and other sensitive data including, for instance, Christmas bonus details. Add to that scenario the possibility of credit card data and/or health care information, and the need for a more sophisticated system of controls becomes even clearer.

Other survey results for solution providers to keep in mind include the following:

  • 42 percent said that in their organizations, IT staff are sharing passwords or access to systems or applications;
  • 26 percent said they were aware of an IT staff member abusing a privileged login to illicitly access sensitive information;
  • 48 percent of respondents work at companies that are still not changing their privileged passwords within 90 days — a violation of most major regulatory compliance mandates and one of the major reasons why hackers are still able to compromise the security of large organizations.

“Our survey shows that senior management at some of the largest organizations are still not taking the management of privileged access to their most sensitive information seriously,” Lieberman said in a statement. “When someone can admit that they have unsupervised, unaudited and unauthorized access to all their colleagues’ and superiors’ bonus details, then the IT security of that organization is seriously flawed.”

Attention must be paid particularly to areas where privileged accounts hold elevated permission to access files, install and run programs, and change configuration settings. Their misuse is a major reason for data leakage.

For many organizations, mismanaged privileged-account passwords are the backdoors by which hackers find their way into the enterprise’s most sensitive data. If almost 50 percent of respondents’ companies leave their privileged passwords unchanged for more than 90 days, as this survey discovered, then basic IT security practices are being ignored by staff and senior management. These fundamentally careless practices and procedures could cost them dearly in 2012.

“In many ways [companies] should be breathing a sigh of relief that they have not been breached yet, but it’s just a matter of time,” Lieberman said.
