Your friend and colleague is your hacker – security expert
The person most likely to be a hacker is not an eastern European criminal or a spotty teenager but the very person sitting next to you at work, according to a security expert.
Calum MacLeod, European director of information security company Cyber Ark, said that the most common hacker is probably ‘sitting in the cubicle next to you’.
‘This is someone who gets to work early, takes his or her turn cleaning out the office fridge, tells funny stories at lunch and, at some point, makes a very dumb move,’ he said.
MacLeod said that this scenario started when the hacker-next-door sees a file directory or workstation that’s just ‘too juicy to pass by, like one named “Salary Comparison.” It’s simply too tempting not to peek inside,’ he said.
He said that curiosity and revenge were the two main factors that motivated this type of hacker.
‘These situations take place when a web-savvy employee gets ticked off,’ said MacLeod. ‘Maybe their Christmas raise didn’t make them too merry. Perhaps their boss just handed them a work improvement plan and a reason to cause trouble.’
He said these hackers then sniff around networks looking to access email servers and financial data.
According to data from the FBI, 70 per cent of all security breaches are caused by internal hacker attacks. MacLeod said that if a rogue employee wanted to gain access to a system they would most likely look up how to do so via a search engine.
‘A few key words later, and anyone can discover that the most common – and effective – type of hack into a target system is to become what’s called a “script kiddie,”’ he said.
He said that default passwords are easily found on the Internet. MacLeod pointed to a recent survey carried out by his company which found that 20 per cent of all workstations have an Administrator ID that’s still set to the default password.
‘If the built-in default doesn’t work, the would-be hacker may try some simple passwords like CompanyName123,’ he said. ‘You’d be stunned how often these basic password scenarios, also available as mini computer programs on the web, are the fastest way into any organization’s data.’
He said there are automated ways to securely change privileged passwords and to tie an individual ID to a shared one. But he said until ‘these solutions become standard tools in most enterprises, I’d keep a close eye on the folks around you. You never know who is privileged to your information.’