Bad account management leads to breaches

Outside intruders from distant places may pose a great threat to company security, but there is often another culprit: Poor in-house account management.

Security experts say there have been a number of cases of former employees stealing proprietary information by using old account or login credentials that have not been changed. In some instances, hackers with no connection to a firm can find the old account information and use it to their nefarious advantage.

If companies seek to keep track of accounts, they often do so manually, and that is not always an efficient or successful way to operate.

"They're not even aware of who has access into these databases and how many accounts are there," Prat Moghe, general manager of data compliance for Netezza, told DarkReading.com. "Management in the database space is highly manual. Many people actually keep Excel spreadsheets manually of how many accounts are in the database and who has ownership, so there is no automation around it."

Experts say the key is for organizations to admit they have a problem.

"They have to ask themselves the question, 'Where do we have accounts? Tell me all of the places where we have accounts, and tell me all the things they use these accounts for?'" Phil Lieberman of Lieberman Software, told DarkReading.com. "And the second question is, 'So we're using these accounts--when were those passwords changed?'"

For more on account management safeguards:
- see this DarkReading.com article

Related Articles:
Cost of data breaches gets higher
The 10 most terrifying IT debacles of 2009
Security breaches are no joke