'Unstable' IT pros sabotaging systems

Two-thirds of incidents involved infiltration using passwords that had not been cancelled

A recent study by the US Secret Service and the Software Engineering Institute at Carnegie Mellon has called into question the mental stability of many IT professionals.

The research analysed cyber-crime across critical infrastructure sectors and found that nearly 100 per cent of insider IT sabotage was carried out by people who were 'disgruntled', 'paranoid' and/or 'argumentative'.

It went on to reveal that 86 per cent of saboteurs held technical positions, and 90 per cent had system administrator or privileged system access.

Some 40 per cent of those who sabotaged IT systems were employed at the time of the offence, but the majority of crimes were committed by ex-employees shortly after termination.

Around 64 per cent of incidents involved infiltration via virtual private networks using passwords that had not been cancelled, thereby taking advantage of poor security and gaps in their organisation's access controls.

Calum Macleod, European director at security firm Cyber-Ark, highlighted the dangers of companies being frivolous with 'power passwords' and noted how dangerous passwords can be if not properly managed.