May 23, 2011

40 Percent of IT Workers Could Hold Employer Networks Hostage

ROUGHLY 40 percent of IT workers believe they could hold an employer's network hostage - even after leaving the company - by withholding or hiding encryption keys, according to a recent survey of 500 IT security specialists.

The study, released today, May 23, also revealed that a third of survey respondents were confident that their knowledge and access to encryption keys and certificates could bring a company to a halt with little effort. Conducted in April 2011, the survey was sanctioned by Venafi, a network key and encryption provider.

“It’s a shame that so many people have been sold encryption but not the means or knowledge to manage it,” said Jeff Hudson, CEO of Venafi, in a statement. “IT departments must track where the keys are and monitor and manage who has access to them. ... It’s no longer rocket science. Yet recent, costly breaches at Sony, Epsilon and elsewhere reinforce the need for both more encryption and effective management.”

31% of respondents astonishingly said that they could still access organisational data because they could easily retain the encryption keys when they left and access the information remotely. Finally, 24% of respondents to the survey admitted that their fear of losing encryption keys is what is deterring them from investing in encryption key and certificate solutions to protect digital assets and secure sensitive system communications.

On the public side, the city/county of San Francisco knows the perils of employees holding passwords hostage all too well. Last year Terry Childs, a former city network engineer, was found guilty of felony computer tampering for withholding passwords to the city's main computer network in 2008. Last week a superior court judge ordered Childs to pay $1.5 million in restitution to San Francisco.

Childs refused to hand over the passwords to the FiberWAN network, which handles computer traffic for about 60 percent of the city's departments, to his supervisors and to police.

1 comment:

lauren said...

I completely agree with the survey results.Being a software developer myself I have access to all keys used in my company.And I can save them on my personal laptop too which will remain with me eve if I change job.
digital signature Adobe Reader