10 Security Experts On What The Industry Doesn't Get About GDPR
IT Administrators Could Find Themselves In The Crosshairs Of Regulators
Lots of the attention around GDPR has been focused around the end users since they're the ones processing the data, according to David Higgins, director of customer development, EMEA for Newton, Mass.-based CyberArk.
But the hidden layer of any organization are the IT administrators since they have access to the data needed to the keep the lights on and the systems running, Higgins said. For this reason, Higgins said attackers looking to steal data often target IT administrators rather than human resources or finance leaders since the former usually have access to more valuable data.
For instance, Higgins said a database administrator will likely have access to multiple databases that contain personally identifiable information, which has implications as far as GDPR is concerned. Organizations need to move from having this visibility unmanaged or uncontrolled to ensuring that IT administrators only have access at the right time for the right reasons.