Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Applications
    • Applications
    • Cybersecurity
    • Database
    • Networking

    Network Admin Arrest Puts Spotlight on Insider Threats

    By
    Brian Prince
    -
    July 17, 2008
    Share
    Facebook
    Twitter
    Linkedin

      When reports of a disgruntled network administrator locking his co-workers out of San Francisco’s new FiberWAN first touched my ears, the first thought that raced through my head-besides the word “wow”-was that this was a clear example of how an insider can potentially bring IT operations to a screeching halt.

      Terry Childs, 43, pleaded not guilty today, July 17, to four counts of computer tampering. His arrest earlier this week set off both an explosion of media coverage and discussions about the importance of keeping an eye on the people keeping an eye on corporate networks.

      But the difficult thing about discussing insider breaches is getting a grasp on just how much of a threat they actually are. For example, a CA-sponsored study conducted by The Strategic Counsel and released today reported that 44 percent of the 500 respondents identified internal breaches as a key security challenge over the 12 months preceding the survey-up from 42 percent in 2006 and just 15 percent in 2003.

      Conversely, the number of respondents reporting virus attacks in the 2006 and 2008 surveys decreased from 68 percent to 59 percent, network attacks from 50 percent to 40 percent, and denial-of-service attacks from 40 percent to 26 percent.

      “The potential aftershocks of an internal breach have the attention of both the business and the IT organization. And for enterprise organizations the priority has now shifted from reactive to proactive security strategies to deal with this threat,” Lina Liberti, vice president of CA Security Management, said in a statement.

      However, The Strategic Counsel study flies in the face of a report released in June by Verizon. According to the study (PDF), only about 18 percent of the more than 500 forensics engagements handled by the Verizon Business Investigative Response team from 2004 to 2007 were due to insider breaches. Some 73 percent were due to external threats, and the rest came from business partners.

      Still, the median size of confidential records revealed in insider breaches was roughly 10 times larger than in the case of external breaches covered by the Verizon study.

      “We have an old tradition in the IT industry of using trust in the administration of systems,” said Jeff Nielsen, senior product manager at Symark International. “It most likely developed over the years from operating systems like Unix where there is an all-powerful super user account root and there may not have been tools available to manage access to [the] root. So we had to trust our administrators to do the right thing. In most cases they do, but it’s the one guy that goes amok that creates huge problems.

      “Mr. Childs, if he did what he is accused of doing, is just the latest in a series,” Nielsen continued. “We tend to forget the Societe General, Tenet Healthcare and Barings Bank incidents when they become old news.”

      True enough. A look at the chronology of data breaches provided by the Privacy Rights Clearinghouse does show a number of incidents of employees stealing or improperly exposing confidential information-as well a litany of lost laptops and other devices. And of course, there are also numerous mentions of hacks.

      “The best practice is to trust but verify,” said Yama Habibzai, senior director at Netcordia, a provider of network management tools. “There needs to be some level of trust within the organization, but the organization needs to have the tools in place to verify that employees touching the network are making accurate and approved changes.”

      Avatar
      Brian Prince

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Information

      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×