CIO Symmetry

Sep 5 2008   3:29PM GMT

Don’t ignore internal security (and don’t write passwords on Post-its)

Kristen Caretta

Last year 8% of the IT budget went towards security. This year? 10%.

Khalid Kark, principal analyst at Forrester Research, Inc., presented security statistics at Forrester’s Security Forum 2008. For the past four years, CIOs said security was their top priority and, despite the economy, three out of four said they would continue to spend ten percent of their IT budget on security. But how much of the budget is allotted for security against internal threats? Have we forgotten about the situation in San Francisco? Administrators were locked out of the system by one of their own — a top IT guy. And according to Forrester, the majority of security breaches involve internal employees.

Knowing that, I suppose I should have been prepared for the results of Cyber-Ark’s new survey. After polling 300 security professionals, the Cyber-Ark results claimed that 88% of IT administrators would steal valuable and sensitive company information if they were fired tomorrow. This isn’t like Jerry Maguire snagging the company goldfish on the way out – this is valuable company information! I’d like to know what’s going on to protect against that.

The Cyber-Ark survey also showed that “a quarter of the companies polled admitted to suffering from internal sabotage and security fraud in their workplace. One third said they believe industrial espionage and data leakage is occurring within their company.” Cyber-Ark CEO Udi Mokady did offer some protection advice: secure privileged passwords, change them often and manage them. And even though Cyber-Ark sells products that do just that (a teeny bit of a marketing pitch?), the results are difficult to ignore.

It’s not just malicious acts that threaten your company’s security – employees who lose their laptop (or have it stolen from an office and then replaced…) also pose a security threat. IT sloppiness is also dangerous. The survey showed a third of the most powerful passwords are still being put on Post-it notes. No comment necessary.

So how can you increase your security? Kark says it’s important to embrace change when it comes to security. He also provided three points to live by: have an open mind, educate yourself on new technologies and developments and utilize this education to solve the problems of today. Just because you updated your security system last year, don’t assume you’re as protected as you’d like to be today. As technologies change, so do the threats against them.

On a lighter note, Dr. Gary McGraw, CTO of Cigital, talked to us about software exploitation and EULAs (end user licence agreements). Apparently, the EULA you accept to access Microsoft’s FrontPage disallows posting negative comments about Microsoft. Just a little tidbit of information for you.

1  Comment on this Post

 
  • Ironical
    Surely, nobody actually reads EULAs (I have slogged thru' a few, to no benefit), much less pass them to the legal department to give an opinion? Given their excessive length and legalistic language, they must surely count as 'unfair' and therefore unenforceable? This particularly applies if they attempt to infringe basic rights to perform acts that are otherwise legal and legitimate (such as criticising companies that do not fulfil their duties properly). It makes me laugh when the EULA for some trifling piece of lashed-up freeware incorporates a prohibition not to copy the software when you have just downloaded it for free, from the publisher! Who are they kidding!