Browse archive

Latest news

Fighting cybercrime is on the right track

Google set to upgrade its SSL certs

IT security pros have trouble communicating with executives

Zeus variants are back with a vengeance

Facebook phishers target Fan Pages owners

Killer apps: The performance of networked applications

Is it time to professionalize information security?

Google researcher reveals another Windows 0-day

Twitter finally offers 2-factor authentication

DHS employees' info possibly compromised due to system flaw

Teens are into online sharing, but are also more privacy-aware

The dangers of downloading software from unofficial sites

Microsoft decrypts Skype comms to detect malicious links

Review: Logging and Log Management

Hacking charge stations for electric cars

IT pros can't resist peeking at privileged information

Posted on 05 December 2011.

IT security staff will be some of the most informed people at the office Christmas party this year. A full 26 per cent of them admit to using their privileged log in rights to look at confidential information they should not have had access to in the first place.

Lieberman Software’s recent password survey found that IT professionals just cannot resist peeking at information that is supposedly barred to them. It has proved just too tempting, and maybe just human nature, for them to rifle through redundancy lists, payroll information and other sensitive data including, for example, other people’s Christmas bonus details.

42 percent of those surveyed said that in their organisations' IT staff are sharing passwords or access to systems or applications
26 percent said that they were aware of an IT staff member abusing a privileged login to illicitly access sensitive information
48 percent of respondents work at companies that are still not changing their privileged passwords within 90 days – a violation of most major regulatory compliance mandates and one of the major reasons why hackers are still able to compromise the security of large organisations.

Philip Lieberman, President and Chief Executive Officer of Lieberman Software said: “Our survey shows that senior management at some of the largest organisations are still not taking the management of privileged access to their most sensitive information seriously. When someone can admit that they have unsupervised, unaudited and unauthorised access to all their colleague’s and superior’s bonus details then the IT security of that organization is seriously flawed.”

He continued: “These organisations have to learn from the example of their peers who have taken this situation seriously and introduced Privileged Identity Management software to add a layer of automated security that dishonest staff cannot bypass. Organisations that fail to do this could end up in the same situation as UBS AG, which lost US $2.3 billion when rogue trader Kweku Adoboli was allowed unfetterd access to their systems and Societe Generale which lost $US 7 billion when Jerome Kerviel was allowed to run up ‘secret trades’ which senior management knew nothing about.”

“These fundamentally careless practices and procedures revealed by the IT departments of the organisations we surveyed could cost them dearly in 2012. In many ways they should be breathing a sigh of relief that they have not been breached yet, but it’s just a matter of time,” Lieberman said.