June 10, 2009
Survey Reveals Snooping By IT Professionals
A new survey of IT professionals found that more than one-third admitted to using their expertise to access information from their colleagues.
Data security firm Cyber-Ark conducted the survey with more than 400 senior IT professionals in the UK and the US participating.
"Employee snooping on sensitive information continues unabated," Udi Mokady, CEO of Cyber-Ark, said in a statement accompanying the study.
A previous Cyber-Ark report, titled "Trust, Security & Passwords", found that 33 percent of IT staff "used their IT administration rights to snoop around networks to access privileged, corporate information such as HR records, layoff lists, customer databases and M&A plans."
"While seemingly innocuous, (unmanaged privileged) accounts provide workers with the 'keys to the kingdom,' allowing them to access critically sensitive information," Mokady said.
This year, the survey asked the question "What would you take with you" if an IT professional were to be fired. The survey found a six-fold increase in staff who said they would take financial reports or merger and acquisition plans, and a four-fold increase in those who would take CEO passwords and research and development plans.
The firm found that one in five companies reported having experienced cases of insider sabotage or IT security fraud.
"Businesses must wake up and realize that trust is not a security policy; they have an organizational responsibility to lock down sensitive data and systems, while monitoring all activity even when legitimate access is granted," Mokady concluded.
On the Net: