Category: Security

12 March 2010 - Reports that the Swiss regulator FINMA is investigating the theft of data on up to 24,000 private clients of the Geneva private bank of HSBC Holdings have been met with astonishment by Cyber-Ark, the data security specialist.

"We're surprised as the data theft appears to be down to a lack of privileged account controls at the bank. Here is yet another powerful example of the significant risk of unmanaged and unmonitored privileged accounts," said Udi Mokady, Cyber-Ark's president and CEO.

"We are seeing that organizations now get the message about the high risk of not controlling their privileged accounts and superusers, not recording their privileged sessions and that there are proven processes procedures and products available to help address exactly this type of privileged identity risk," he added.

 

According to Mokady, this subject has been the topic of Cyber-Ark's major 'got privilege' campaign that has just taken place in the US.

"As we promised our clients last November, next month (April) we will be launching version 6.0 of PIMS - our Privileged Identity Management Suite - which represents a major step forward in privileged user account control," he added.

According to Mokady, key features of PIMS 6.0 will include granular super-user access controls, as well as intelligent privileged account detection.

This latter facility, he explained, helps to lower implementation costs and reduce the overhead required to add new users and systems as they are commissioned.

This is what makes PIMS 6.0 ideal for major financial institutions such as HSBC, which clearly have a lot to lose from the insider threat (which may be the cause of the Geneva private client data leakage), since it protects information from anyone who is not directly and transactionally required to access the data.

"We are seeing a lot of interest in privilege user management amongst our major customers. Privileged users often have multiple contacts in their accounts and this can pose a potentially serious security risk to an organisation if a high privilege account is compromised", said Cyber-Ark's president and CEO.

According to Mokady, the problem of securing privileged accounts within a corporate environment is a potentially major one, as it requires a 'top down' approach to IT security.

PIMS 6.0 will allow Cyber-Ark to become the first IT security vendor to provide a unified, policy-driven approach for shared-account/software-account password management and super-user privilege management.

Features of the expanded suite include an automatic privileged account detection capability which, by using a distributed architecture, allows companies to adhere to relevant audit and compliance legislation such as PCI DSS and Sarbanes-Oxley.

"Existing security software in this domain only addresses the issue of granular access privileges of super-user accounts at the point of usage, which is only part of the picture," he said.

"Although it remains to be seen what the actual cause of this high-profile and potentially very damaging data leak actually was, PIMS 6.0 can go a long way towards preventing this kind of situation developing and placing and organisation's reputation in the grinder," he added.

 

For more on the HSBC Geneva bank data leakage: http://bit.ly/9qIhMr

For more on Cyber-Ark: www.cyber-ark.com or contact Yvonne Eskenzi on 0207 183 2832

ENDS