Trust still an issue in IT as insiders abuse access rights

by Steve Ragan - Jun 12 2009, 16:00

A year after a survey on the same topic, Cyber-Ark has once again talked to IT professionals about trust and insider threats and discovered that the issue has actually escalated. Moreover, 74 percent of those who talked to Cyber-Ark said they could circumvent access controls if they wished in order to snoop around on the network.

Cyber-Ark talked to 400 IT professionals, which is clearly a small sample of the global IT presence. Furthermore, this small sample simply cannot account for IT as a whole, especially when it comes to professionalism and trust regarding network access. However, based on the results, Cyber-Ark found a seriously cynical crop of IT people this year.

When faced with the question: “What would you take with you,” the survey found a six-fold increase in departing staff who said they would take financial reports or merger and acquisition (M&A) plans, and a four-fold increase in those who would take CEO passwords and research and development (R&D) plans.

By comparison, in 2008 only seven percent said they would take M&A plans when leaving the company, which is a considerable difference when gauged against the 47 percent revealed by the current report.

“I would say that at least two-thirds -- maybe more -- of customer requests we get, controls on IT guys are something they ask about. Either there’s a compliance requirement or an audit requirement for it, or they just know these guys have the keys to the kingdom,” said Jonathan Gohstand, Vice President of Marketing at PacketMotion.

“Sometimes they also have an attitude, they kind of think they’re sort of above the law. We had a customer, we put our gear in, and they found out that the IT admins were using the Windows domain controller to host movie downloads from the Internet,” he added as an example of trust abuse.

PacketMotion is a vendor that deals with access control and auditing. What it does is take policy enforcement and keep it simple. While not a one-stop shop for DLP or other security services related to access and insider troubles, PacketMotion does have something interesting when it comes to tracking and control.

It isn’t the technology, it's the ease of use and the report manipulation PacketMotion uses that makes it stand out as a control vendor. Anyone can collect logs and data, but making things visible on a granular level is easier said than done.

Organizations are increasingly aware of the need to monitor privileged account access and activity, outlined Cyber-Ark. According to the new data, 71 percent of respondents indicated that privileged accounts are partially monitored, while 91 percent of those who are monitored admitted they are “okay with their employer’s monitoring activities.” Despite these efforts, 74 percent of respondents revealed that, even with monitoring controls in place, they could still get around them, thus making current controls ineffectual.

Something else stood out In the Cyber-Ark study, as it claimed that one in five companies admit having experienced cases of insider sabotage or IT security fraud.  Of those companies, 36 percent suspect their competitors have received the highly sensitive information or intellectual property.

“The lack of controls that customers have on the inside I think is really shocking,” Gohstand said. In explaining the value of the controls, he gave The Tech Herald a quick run down on a sabotage-related issue that happened within the last month to one of his own customers.

“There was a customer, [a] big name manufacturer that everyone has heard of them kind of thing. They were downsizing, of course, because of tough times, not selling as much product; laying people off, people think they’re going to leave. Well we installed our gear, and we got a call from them about a month ago. They said ‘our whole network is down, can you come down?’”

So Gohstand's team went to visit the customer and take a look at things. “...what happened was, a disgruntled employee, he was still an employee of the company, he was at home – we used our tool to do the forensics and find all this out – he comes over VPN (they had a checkpoint VPN system) then he bounces around to a few servers to hide his tracks. [After that] he goes into the two core network switches and blows the configs out. That’s what [took] everything down,” Gohstand explained.

Trust is a major issue in IT. While Cyber-Ark's data shows a serious breakdown in trust, it does not mean all of IT is like this. However, the overall issue here is that no one in a business should be exempt from monitoring. Both Cyber-Ark and PacketMotion offer products to deal with this. Yet, all the monitoring in the world will not stop someone from violating trust and taking information or sabotaging a network. All it really does is make it easier to catch people in the act.

Around the Web

comments powered by Disqus