This has been a continuous problem with companies. Due to their policies (or just sheer ignorance), they are not restricting the privleges that their employees have to company networks. Because of this, employees are able to access (and even modify) sensitive information, alot of the time without management knowing. Have a look at this:

Databases lie at the heart of most companies, and contain many of the most valuable assets of these organisations, and indeed of their customers. These assets range from research data, development plans and price lists through to Social Security numbers, credit card information, health records and buying habits.

An independent survey published by Secerno suggests that databases are open to attack from growing insider threats.

Key findings from the survey were:
* Over 60 per cent of UK employees have access to computer records at their place of work
* 41% have access to records that are not necessary for their job
* One in ten has been tempted to abuse this access.
* 56% of employees have no restrictions placed on the information they have privileges to access.

Until now, there has been no way of stopping internal employees who have the necessary permissions to access a database from abusing those rights. In addition the incidents of database attacks originating outside the company are growing rapidly. A few high profile examples are hitting the headlines but this is just the tip of the iceberg. The trend now is towards targeted database attacks, using skilled hackers to obtain specific data from a specific company, by getting access through conventional firewalls, or by corrupting web applications, often with insider assistance. There has been no effective way of addressing these vulnerabilities.

“Secerno.SQL, which we are launching today, is a totally new generation of security product. For the first time it is now possible for companies to protect their databases effectively from both insider abuse and targeted attacks.” said Paul Davie, CEO and co-founder of Secerno.”

Secerno has developed a unique new appliance that understands the patterns of normal access to each individual corporate database. The model of normal access is like the DNA of the database, and is learned over a period of time by the appliance, and will adapt to changing usage patterns. As such, IT Departments do not have to build complex policies; the system does it for them. The appliance can be installed in a matter of minutes and will then learn normal database usage, going on to protect the system without complicated user intervention.

“This technology is unique” said Steve Moyle, CTO Secerno, “and evolved from research in Machine Learning that I undertook at the University of Oxford. To our knowledge this type of technology has never before been applied to database security. This is another great example of UK technology breakthrough.”

Read the rest of this article HERE.

We hope that eventually companies will finally understand that by simply restricting employee privileges properly, they will dramatically save themselves heartache in the longrun. But, it seems like you hear more about these interesting situations everyday; we can only hope for a solution.

Tags: Computer Protection