Analysis and Commentary, Incidents

Should CIOs' Heads Roll?

04 October 2007

Imprisoned hacker Robert Moore says it was child's play to dig into thousands of corporate systems because most IT groups don't follow basic hygiene such as resetting default passwords and keeping logs. Is it the CIO's fault? If so, should he be fired? Reprimanded? I can tell you for certain that the people who tend to expose a company to being hacked are the admins. Why? Because they're the only ones with the elevated system and network privileges needed to bypass the security policies and settings that everyone else has to abide by.

When I first got into network administration I saw first-hand how admins gave themselves preferential treatment, and then excused it by saying it was necessary for them to do their jobs faster and better. In other words, it was for the "greater good". Some companies are worse than others, of course. I've had clients that were really hard-core about security, and I've had clients that were just the opposite. In most cases it's the "tone at the top" that determines the commitment to information security. Something else that is very disturbing, though, is the tendency to make excuses or place blame on someone else (like a subordinate). Whatever happened to the "the buck stops here" mentality?


© 2007 Brightfly, Inc.
