Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

US Bank IT Employee Data Theft Highlights Risks of Insider Threats

CyberArk Software : 15 February, 2010  (Technical Article)
A recent data theft incident allegedly involving an employee at Goldman Sachs provides stark warning of the risks of allowing IT staff to have extensive access to sensitive corporate data
Reports that a computer programmer charged with stealing data from a major bank has been indicted by a federal grand jury in the US shows how easy it is for valuable company data to electronically go walkabout, says Cyber-Ark.

'This case is interesting as it apparently involves a former member of the bank's IT staff allegedly downloading software and allied data from his former employers' servers, and relaying it to a German Internet account,' said Mark Fullbrook, UK and Ireland director with the data security specialist.

'It's also alleged that the ex-employee also stored company computer data at his home, ready to take to his new job. The fact that the man was earning $400,000 a year indicates how high up he was before left the bank last June,' he added.

More than anything, says Fullbrook, the case is a classic example of what can go wrong when you allow IT staff complete and unfettered access to the company's data.

Whilst it's clear that IT staff have the best chance of gaining unauthorised access to company data, had the data been stored in a secure and encrypted environment, then it could have been securely shared with only those staff that needed access, and logs maintained on who accessed what information and when, he explained.

'If private data is relayed across a company's network in any way, it should be protected from prying eyes. This is commonsense IT security. Using this approach would have meant that those who should have had access to the data, would have been able to look at it" he said.

'This case is a significant failure of IT security procedures at multiple levels as far as the financial institution is concerned. It is to be hoped that a full investigation will ensue and remedial action is taken, including installing a secure and managed file sharing solution, allowing staff access to the data they need, but in a highly controlled manner,' he said.
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo