Do you trust your System Admins?

In today’s digital world, system administrators or IT admins play a critical role in managing and securing the digital assets and overall IT infrastructure of a business. These individuals hold enormous power over the critical IT infrastructure of organisations and are positioned to safeguard these critical assets from various inside and outside cybersecurity threats. What if an IT administrator goes rogue? Bad things happen! From selling off your business data and renting out your idle IT equipment, to spying on executives and abusing their privileges for their own gain, rogue system administrators can cause unwanted complications for your operations and serious issues for your staff. In this article, you will learn how to spot a rogue administrator and avoid the potential damage.

Why do system administrators go rogue?

Although rogue employees still account for 22% of insider threats, most IT and security administrators are professional, honest, and trustworthy, and perform actions true to their role. The chances of your business having a rogue employee or a rogue IT admin are very low. However, as a business owner, it is always better to keep a close eye on your employees’ behaviors and their level of job satisfaction. Why administrators, or employees in general, go rogue can involve a number of factors, depending on their personality traits and personal mindset. Some common factors that can contribute to an employee going rogue include:

  • Excessive workloads
  • Poor communication
  • Fundamental disagreements
  • Toxic work environment or dysfunctional workplace culture
  • Poor work-life balance, stressful situations
  • Workplace politics
  • Leaders lacking accountability
  • Not receiving deserved incentives and rewards
  • Feeling a lack of appreciation or gratitude
  • Comparatively low monetary compensation with poor benefits

These are but some of the contributing factors towards trusted employees going rogue. The key to avoiding employee dissatisfaction is to strike a balance between work and personal life while developing a supportive and healthy workplace culture. In order to cultivate a healthy and supportive workplace, as a business owner, you must identify the employees with rogue tendencies as they may expose your business and other employees to financial, reputational and personal risks. 

3 types of rogue system administrators to watch out for

IT admins, security executives, network administrators, or general employees: any employee with malicious intentions can put your organisation at risk of exposure. A single employee can make the workplace environment hostile and uncomfortable. Therefore, IT admin or not, it is always critical for you, as a business owner, to keep all of your employees in check so that you can identify any malicious tendencies. That said, your general employees, unlike your system administrators, may not have the same level of access and control over your business-critical assets. This is what makes a system administrator more of a threat if they act maliciously. In addition to monitoring and supervising the performance and activities of your employees in general, it is important to validate the professional ethics of your IT and network administrators. Here are some of the types of rogue system administrators to watch out for.

Type 1: The Entrepreneur Rogue IT admin

In addition to reports of rogue employees selling off their company’s data, there have also been many reported cases of rogue IT administrators using the equipment and resources of their organisations to set up side businesses for themselves due to weak company policies and lack of supervision and accountability. Typically, system administrators have full control over digital assets, networks, and IT equipment – giving them authority over the full IT infrastructure of the organisation. Rogue systems administrators are skilled in routing traffic and changing firewall rules to cover up their unethical side businesses. Admins with a particular mindset will go to any length to skillfully set up and hide their side hustles such as selling your organisational data to cybercriminals, running illicit websites on your servers for their personal profits, or even worse.

Type 2: The Spy Rogue IT admin

Not only do IT administrators have control over the security systems, networks, and IT equipment of your organization, they usually also have possession of critical and sensitive data and knowledge about existing security vulnerabilities, weaknesses within the organisation, intellectual property and may know where to find your trade secret information. A rogue admin may decide to sell key information to your business competitors for a personal profit. Additionally, admins with spying tendencies also tend to abuse their privileges to spy on other workplace employees for personal amusement, manipulating and coercing others, distasteful actions, or worse.

Type 3: The Know-it-all Rogue IT admin

It’s a given that most IT and system admins are geeks. They are more highly skilled and tech-savvy than the rest of the workforce, and they often help educate the workplace about security policies and procedures. However, some know-it-all types of admins go beyond the acceptable boundaries to teach a lesson to staff members who may find it challenging to promptly adopt an important security practice. Such admins may roam around the workplace during lunch breaks in search of unattended open computers so they can delete all the files on the employee’s system to “teach them a lesson”. These types of rogue admins do not hesitate to dispense their own form of justice if they find an issue or a practice they don’t approve of. They may use their position to enforce the practices that they believe to be appropriate, rather than following guidelines and adhering to company policies.

Best Anti-rogue defense

Whilst you may never be able to accurately predict rogue behavior by an employee, there are red flags that you can watch out for and precautionary steps you can take today to spot a rogue and minimise the fallout. One of the best ways to do so is by leveraging User Behaviour Analytics tools to monitor and assess the activities of your key employees and administrators. This will enable you to quickly identify any unauthorised configuration changes, firewall rule changes, data transfers, privilege escalations, and similar activities. Immediate detection of such behaviors will allow you to pinpoint the employee who is making the unauthorised changes and will place you in a better position to investigate and take appropriate action. Role rotation and enforced leave can also provide an opportunity for another administrator to gather information on the administration practices followed by the employee who usually performs the role.
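
The kind of check such monitoring performs can be sketched in a few lines. The following is an added example, not part of the original article or any vendor's product: it reviews constructed audit events for the activities named above (firewall rule changes, privilege grants, data transfers). The event fields, ticket IDs, transfer threshold and working hours are all assumptions chosen for illustration.

```python
"""Added example: flag administrator actions that lack an approved change record."""
from collections import defaultdict

# Constructed audit events; field names and values are assumptions for illustration.
EVENTS = [
    {"ts": "2024-03-04T10:12", "actor": "admin_a", "action": "firewall_rule_change", "target": "fw-edge", "ticket": "CHG-1001", "bytes_out": 0},
    {"ts": "2024-03-05T02:47", "actor": "admin_b", "action": "firewall_rule_change", "target": "fw-edge", "ticket": None, "bytes_out": 0},
    {"ts": "2024-03-05T02:55", "actor": "admin_b", "action": "data_transfer", "target": "external", "ticket": None, "bytes_out": 3 * 1024**3},
    {"ts": "2024-03-06T14:30", "actor": "admin_b", "action": "privilege_grant", "target": "admin_b", "ticket": "CHG-1002", "bytes_out": 0},
    {"ts": "2024-03-06T15:05", "actor": "admin_a", "action": "data_transfer", "target": "backup-site", "ticket": None, "bytes_out": 20 * 1024**2},
]
APPROVED_TICKETS = {"CHG-1001", "CHG-1002"}   # assumed export from a change-management system
CHANGE_ACTIONS = {"firewall_rule_change", "config_change", "privilege_grant"}
TRANSFER_LIMIT = 1024**3      # assumed threshold: 1 GiB per transfer
WORK_HOURS = range(7, 20)     # assumed normal hours, 07:00-19:59


def flag_event(event, approved=APPROVED_TICKETS):
    """Return the list of reasons this event needs review (empty if none)."""
    reasons = []
    hour = int(event["ts"][11:13])
    if event["action"] in CHANGE_ACTIONS:
        if event["ticket"] not in approved:
            reasons.append("change without approved ticket")
        if hour not in WORK_HOURS:
            reasons.append("change outside normal hours")
    if event["action"] == "privilege_grant" and event["actor"] == event["target"]:
        reasons.append("self-granted privilege")
    if event["action"] == "data_transfer" and event["bytes_out"] > TRANSFER_LIMIT:
        reasons.append("large outbound transfer")
    return reasons


def review(events):
    """Group findings by administrator so a second person can follow up."""
    findings = defaultdict(list)
    for event in events:
        for reason in flag_event(event):
            findings[event["actor"]].append((event["ts"], event["action"], reason))
    return dict(findings)


if __name__ == "__main__":
    for actor, items in review(EVENTS).items():
        for ts, action, reason in items:
            print(f"{actor}  {ts}  {action}: {reason}")
```

The findings are only useful if they go to someone other than the administrator being reviewed, and if the audit log itself is stored where that administrator cannot edit it.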

Reach out to the experts at Intrix Cyber Security who can help monitor and avoid these types of insider threats.
