- 79% of those who did admit to taking information without permission offered various reasons why they did it, including "everyone else does," the information may be useful in the future and "the company can't trace the information back to me."
- 24% of these former employees responding to the survey said they still had access to their former employer's computer systems after they left, with over 50% citing between one day to a week, but 20% more than a week.
What if the employee happens to be a privileged user with access to the company's most sensitive data? A recent incident at Fannie Mae underscores the importance of tighter control and better visibility of privileged user activities. According to this reports from the Associated Press and ZDnet.com:
A contract worker for the financial giant has been charged with planting a rogue script designed to destroy all data on the company’s 4,000 computer servers nationwide after the contractor was terminated, but his server privileges were not.
Makwana worked at Fannie Mae’s data center in Urbana, MD as a Unix engineer as a contractor with a firm called OmniTech. He had root access to all Fannie Mae servers.
In this case, the script was found through fortuitous intervention, but the incident demonstrates the need to provide tighter controls for privileged users. Last week, Novell acquired the technology assets of Fortefi and introduces Novell Privileged User Manager – a new product that allows granular access control (including immediate termination capability) and auditing of “super” or “root” users across multiple systems including Unix and Linux environments.
Novell Privileged User Manager minimizes exposure to unauthorized transactions and information access so you won't hear, “the company can't trace the information back to me,” or “ everyone else does it,” in the cubicle corridors at your company.
Novell Privileged User Manager will be available in the first half of 2009. Click here for more information.