Even Your IT Department Needs Monitoring

 

IT departments contain a huge amount of confidential information left in the hands of highly capable and experienced technicians and other related professionals. Network administrators and those with administrator level access prevent the greater user force from entering into unauthorized network areas.

A recent survey compiled by Cyber Ark Software has revealed an uncomfortable trend. The research, comprising of four hundred IT professionals, discovered that the very same professionals we trust to guard our sensitive data by the very same ones who access the data in a very unauthorized nature.

A press release from Cyber Ark Software states, “The survey discovered sixty seven percent of respondents gained access to data not relevant to their positions. When asked what department was more likely to snoop and look at confidential information, more than half identified the information technology department, a given option of the group’s power and responsibility of caring for many systems across the business model.”

Forty one percent of the individuals in the survey confessed to the abuse of administrative passwords and snooping into confidential or sensitive data they shouldn't have access to or had access to. Administrators located in the United States were interested and customer databases while United Kingdom IT administrators had an interest in human resource records. Even though the IT administrators of the survey said companies and organizations are placing more effort into monitoring who has a privileged access, and attempting to put a stop to unauthorized snooping, most of the professionals in the survey are complete belief they can circumvent any controls placed on the data if they desire.

Looking at the overall picture it does not bode well for organizations seeking to control this type of behavior. Information attacks and other related unauthorized entry that occur inside an organization happens more often than a company or business may want to believe. A study performed in the early part of 2009 revealed that approximately sixty percent of employees who were either asked to leave or quit a job that stolen some form of company information. The study showed that within the stolen data sixty five percent represents e-mail lists, non-financial business information was taken forty five percent of the time, thirty nine percent of the theft involved customer contacts lists, employee records comprised thirty five percent of the theft, and financial information was stolen sixteen percent of the time.

The executive vice president of Cyber Ark's Corporate Development Adam Bosnian said, “Between human nature and curosity as something we may never control, we should notice fewer individuals discover it easy to perform, showing there are effective controls to manage privileged access rights. As insider sabotage rising, businesses must heed the warnings.”

With great awareness it should be evident the insider threat to secured data is happening with much more frequency and is harder to detect. By placing controls internally that monitor who has privileged access to confidential data and how that access is being used is a necessary step to control the insider theft.

Ranking the largest threats to information security today, information loss due to breaches occur thirty nine percent of the time with threats from social networking occurring just under thirty six percent. Threats of an internal nature occur a little more than thirty three percent of the time matching the thirty percent of threats that arrive from Trojans, key loggers that steal information, and other similar methods. Social engineering and phishing techniques account for twenty seven percent while viruses occur more than twenty five percent of the time. Internet worms have been twenty one percent of the time while organized cyber crimes and related networks take place just under twenty percent of the time.

CISSP training is designed to strengthen and increase your protection against unauthorized information intrusions. Organizations should contain in their midst and expert, certified information security professional to assist in guarding against the various threats that continually attempt to compromise your vital data. training is a source of a comprehensive information security courses comprised of environmental security, access control, security risk management, network security, organizational security, and many more aspects and best practices that are utilized successfully by many enterprises and government entities.

About Us: Next Generation Training is your computer training resource delivering a blended learning solution. Employees are the driving force behind your business, and therefore require specialized training to enhance your IT capabilities and improve the success of your business. IT certification courses including Microsoft Office 2010 training, Windows 7 training, project management training and more are available and enrich all users. Inquire how Next Generation Training can become your premier source of quality IT training.