Thursday, January 20, 2011

Excessive Access Rights + Disgruntled Employee = Trouble

Excessive user access privileges let a disgruntled employee cause $7 million in damages. The trusted employee was a wiz at fixing any IT problem so she accumulated privileges far beyond her job requirements. When the company outsourced IT, she planted logic bombs that crashed racks of servers after she left the company.
"There is this tendency to give these people more privileges than they need because you never know when they'll need to be helping someone else out." - Larry Ponemon, Ponemon Institute
Learn how the Veriphyr Identity and Activity Analytics Service discovers users with excessive access privileges so you can avoid "privilege creep" disasters.
"This is what happens when privileges are granted to an individual to handle a specific task but are not revoked when the person no longer needs them." - Larry Ponemon, Ponemon Institute
The company continuity plan kicked in and they switched to their backup servers, but the woman had put logic bombs on the backup servers. It was very difficult for the company to figure out the problem and recover because the crashes seemed to have no common cause.
"A malicious employee [who's] angry can do a lot of damage in a way that's hard to discover immediately and hard to trace later." - Larry Ponemon, Ponemon Institute
Sources:
(a) Security Fail: When Trusted IT People Go Bad - Computerworld, Jan 18, 2011
(b) Ponemon Institute

Copyright © 2010-2011 by Veriphyr Incorporated, All Rights Reserved.

Contact us at Veriphyr.com.