Cyber-Ark Highlights the Seriousness of Data Security
Cyber-Ark Highlights the Seriousness of Data Security
September 15, 2008: Security firm Cyber-Ark has slammed a data breach in the UK that has seen the personal details of 5,000 Ministry of Justice staff go missing, saying that the situation highlights the need for EU controls on data security.
The controls would enforce the use of encryption of private and personal data on staff and members of the public, protecting sensitive data should a tape or laptop go missing.
“This time around it seems that staff at the National Offender Management Service, which includes a number of prison officers, have seen their data potentially leak into the public domain,” said Calum Macleod, Cyber-Ark's European director. “Given the fact that they are dealing with criminals who could, conceivably, use this data to get back at them, this situation is totally unacceptable.”
It’s not just the unexpected loss of data that is problematic either. Cyber-Ark’s call for more stringent data security controls also comes soon after it released the results of a survey of 300 security professionals that found an extremely hefty 88 percent would steal valuable information if they lost their jobs.
A meagre 12 percent of those surveyed said they would not take any valuable or sensitive information on the way out the door.
“Most company directors are blissfully unaware of the administrative or privileged passwords that their IT staff has access to which allows them to see everything that is going on within the company,” says Udi Mokady - president and CEO of Cyber-Ark. “These privileged identities, which lie on hundreds of servers and applications, very rarely get changed as it's often considered too much hassle. When people leave the organisation, they can often still access the network using these passwords to acquire highly sensitive data.”
While the numbers do sound conveniently startling coming from a identity and data security firm, as we have seen with recent data breaches being complacent with data security is asking for trouble.
Cyber-Ark recommends securing privileged passwords and identities, and routinely change and manage them so that if an employee's contract is terminated, whether voluntary or not, they can't maliciously wreak havoc inside the network or vindictively steal data for competitive or financial gain.
Comment on this story