What is the biggest threat within a corporate network? Of course, your employees are, but there are bigger threats within….And who are they? They are the ones who maintain, who build and who knows more about your networks and how it works…. Your SYSTEMS ADMINISTRATOR.
When the database, network or systems administrator goes rogue — stealing data, setting up secret access for themselves, even in anger planting logic bombs to destroy data , or just peeking at confidential information they know is off limits — they become the very insider threat that the IT department is supposed to be guarding against.
Indeed, IT workers with privileged access to the network are often considered a greater risk and potential danger than other types of employees.
It doesn’t mean they’re guilty of anything. Sometimes they’re just trying to get the job done, but they’re outside the bounds of the organizational policy.
Sometimes IT workers are pushed by demanding users, such as business and sales managers, to perform tasks in a hurry or to violate official IT policy by, for instance, adding printers on network segments where that’s not allowed.
An IT Security report points out that external agents such as hackers are responsible for stealing far more records than insiders. Nonetheless, the report says that most insider cases — 90% — are deliberate and malicious, and they usually involved misuse of privileges. The report notes that employees often get more privileges than they need to perform their job duties, with monitoring usually insufficient. Another finding is that 24% of crime tied to internal agents was associated with those undergoing a job change, whether being fired or resigning, newly hired or changing roles within the organization.
Sys admins themselves know their power is substantial and can be abused by disgruntled coworkers.
How to keep that in check? Well a regular third-party audit is recommended, wherein the audit processes should be made by third party technical auditors, not just plain auditors who focus more on the procedures than on the technical stuff. Another workaround is that a business may outsource all of their systems administration activities.
But will outsourcing these internal system administration activities is more riskier? I really do not think so. For one, outsourcing is done by professionals and they are covered with a more defined coverage and protection agreements in the form of NDAs and SLAs to ensure that the business information remains confidential. This really does not hold true with your internal employees.
And lastly, if these options are not feasible with a business, the solution is simple…… KEEP YOUR SYSTEM ADMINISTRATORS happy…. Trust me, I have been there, have done that.. And nothing beats you knowing that your system administrator is working on your side..