And itís pretty much the same in most organisations. Years of abuse and misuse of privileges by staff, particularly in IT eventually catches up with you and itís impossible to hide the tell tale signs of wear and tear, particularly when it comes to controlling access to sensitive business assets. And the result is that eventually if you donít take steps to control things you will be caught out. Like a bad nose job, or the untrimmed nostril, you will get caught out.
If most us are honest with ourselves we complain about the nanny state banning everything that is bad for our health but deep inside we know that many things are probably for our own good. And in the same way we complain about the increasing interference in our private IT worlds of controls and regulatory compliance but deep down we know that internal controls for privileged user access rights and controls has been abandoned, or in many cases only given lip service in many organisations, and these controls are bringing us face to face with results of years of neglect.
And the result is that weíre risk being hacked either by thrill seekers, the curious, or the downright vindictive employee. Independent research clearly shows that a lack of improper segregation of duties, failure to control users with superuser access to files in production systems, failure to secure data in applications, a lack of processes coupled with a lack of reconciliation of these processes to the IT systems used, and a failure to secure access to operating systems and databases that support corporate financial applications and transactions, are the prime cause of most breaches and compliance failures.
The increase in computer-related theft and fraud is forcing the issue of internal users and privileged access into the open. This is clearly shown by the current case in the US courts of the IT executive who is alleged to have used his knowledge of system passwords to hack into a companyís system remotely and accessed emails and other information. And the bottom line is that it is simply too easy for people with a limited amount of knowledge to do this. I mean who would expect an IT executive to be able to do this!! Most of us so-called IT executives are considered to be in the Dilbert Managerís category when it comes to understanding bits and bytes, and yet even an IT executive can hack a system today with the tools that are so easily available.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.