Improving IT security: is it too late for you?

Internal controls for privileged user access rights and controls has been abandoned, or in many cases only given lip service in many organisations, says Calum Macleod, European director of IT security consultancy, Cyber-Ark. Mr Macleod believes that these lack of controls are bringing companies face-to-face with results of years of neglect. The result is, he argues, that companies are at risk of being hacked either by thrill seekers, the curious, or by downright vindictive employees. Mr Macleod identifies the prime causes of most breaches and compliance failures as a lack of improper segregation of duties, failure to control users with superuser access to files in production systems, failure to secure data in applications, a lack of processes coupled with a lack of reconciliation of these processes to the IT systems used, and a failure to secure access to operating systems and databases that support corporate financial applications and transactions.