
Bank Data Breach Could be Due to Poor Privileged Account Management

CyberArk Software : 15 March, 2010  (Technical Article)
Cyber-Ark comments on the HSBC data theft incident being investigated by FINMA in which as many as 24,000 account holders may have been compromised
Reports that the Swiss regulator FINMA is investigating the theft of data on up to 24,000 private clients of the Geneva private bank of HSBC Holdings have been met with astonishment by Cyber-Ark, the data security specialist.

'We're surprised as the data theft appears to be down to a lack of privileged account controls at the bank. Here is yet another powerful example of the significant risk of unmanaged and unmonitored privileged accounts,' said Udi Mokady, Cyber-Ark's president and CEO.

'We are seeing that organizations now get the message about the high risk of not controlling their privileged accounts and superusers, not recording their privileged sessions and that there are proven processes, procedures and products available to help address exactly this type of privileged identity risk,' he added.

According to Mokady, this subject has been the topic of the company's major 'got privilege' campaign that has just taken place in the US.

'As we promised our clients last November, next month (April) we will be launching version 6.0 of PIMS - our Privileged Identity Management Suite - which represents a major step forward in privileged user account control,' he added.

According to Mokady, key features of PIMS 6.0 will include granular super-user access controls, as well as intelligent privileged account detection.

This latter facility, he explained, helps to lower the implementation costs, as well as reducing the overhead required to add in new users and systems as they are commissioned.

This is what makes PIMS 6.0 ideal for major financial institutions such as HSBC, which clearly have a lot to lose from the insider threat - and which may be the cause of the Geneva private client data leakage - since it protects the information from anyone who is not directly and transactionally required to access the data.

'We are seeing a lot of interest in privilege user management amongst our major customers. Privileged users often have multiple contacts in their accounts and this can pose a potentially serious security risk to an organisation if a high privilege account is compromised', said Cyber-Ark's president and CEO.

According to Mokady, the problem of securing privileged accounts within a corporate environment is a potentially major one, as it requires a 'top down' approach to IT security.

PIMS 6.0 will allow Cyber-Ark to become the first IT security vendor to provide a unified, policy-driven approach for shared-account/software-account password management and super-user privilege management.

Features of the expanded suite include an automatic privileged account detection capability which, by using distributed architecture, allows companies to adhere to relevant audit and compliance legislation such as PCI DSS and Sarbanes Oxley.

'Existing security software in this domain only addresses the issue of granular access privileges of super-user accounts at the point of usage, which is only part of the picture,' he said.

'Although it remains to be seen what the actual cause of this high-profile and potentially very damaging data leak actually was, PIMS 6.0 can go a long way towards preventing this kind of situation developing and placing an organisation's reputation in the grinder,' he added.