Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cloud
    • Cloud
    • Cybersecurity
    • Networking
    • Storage

    Excessive Internal Data Access Privileges

    By
    Chris Preimesberger
    -
    June 11, 2012
    Share
    Facebook
    Twitter
    Linkedin

      PrevNext

      1Excessive Internal Data Access Privileges

      1

      System administrators with complete access to servers and data pose a tremendous internal threat if they turn against the company. So does anyone (including executives) who maintains inappropriate access rights to information after changing positions within a company.

      2Third-Party Access

      2

      Employees of third parties may have access to any unencrypted data. Data stored in the cloud can be located across the country or overseas and sit on physical servers owned by one vendor, but housed in facilities owned by any number of data center hosts.

      3Political Hactivism

      3

      Politically motivated hacking is on the rise, as illustrated by organizations such as Anonymous and Lulz-Sec. However, they assert that much of their success comes from finding easy targets, not because of any particular technical expertise. While you may not have control over whether you’re attacked or not, you can make it far more difficult for an attacker to succeed.

      4Social Engineering

      4

      Using lies, deception, manipulation and more to gain sufficient knowledge to dupe an unwary company (and any unintentionally yielding employee) is an age-old technique. But it’s no longer limited to just the phone; it can be done over a social network. Posting the details on Facebook of every aspect of your upcoming “unplugged vacation” may be just the weak link of information that a scammer needs. Â

      5Internal Negligence

      5

      Negligence is typically an offense committed by management when “they should have known better.” Most successful data security breaches have some element of managerial negligence associated with them.

      6Lack of Transparency in Cloud Service Offering

      6

      Never, never, never leave it up to blind trust that cloud service providers are implementing appropriate security measures and looking out for their customers. Check service providers thoroughly.

      7Rogue Certificates

      7

      Many whitelisting and application control systems depend on valid digital systems, which basically tell the operating system, “You can trust me, because I am valid.” Using rogue or fake digital certificates that are in circulation, attackers can engage in almost undetectable attacks.Â

      8Mobile Devices in the Workplace

      8

      A balancing act of convenience versus security, the growing use of personal mobile devices puts organizations at risk and leaves the company vulnerable to attacks. This is an especially sensitive area for companies that have yet to create and enforce a strong bring-your-own-device policy. Most have not.

      9Misuse (Malicious or Nonmalicious)

      9

      Misuse of entrusted organizational resources or privileges is exclusive to parties that are trusted by an organization, such as insiders and business partners. This also happens when policies are not clearly defined and enforced. Abuse flourishes when boundaries are not well-established.

      10Physical Attacks

      10

      Tampering, surveillance and theft can be caused by a disgruntled former employee. Terminated employees who still have their security badges can easily gain access if the badge system was not updated upon termination.Â

      PrevNext

      MOST POPULAR ARTICLES

      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×