Recession-dismissed IT staff 'will steal data'
Exercise extreme caution when it comes to dismissing your IT staff: 88 per cent of IT administrators, if laid off tomorrow, would steal valuable and sensitive company information, claims a survey by Cyber-Ark.
The target information includes the CEO’s passwords, the customer database, R&D plans, financial reports, M&A plans, and privileged password lists. Only 12 per cent would be honest enough to leave empty-handed, the 2008 'Trust, Security and Passwords' survey of 300 IT security professionals claims.
Of the 88 per cent who said they would take valuable information with them, a third of devious IT administrators would take the privileged password list, which would give them access to all the other sensitive and valuable documents and information, such as financial reports, accounts, salary details, and other privileged and highly sensitive data.
“Most company directors are blissfully unaware of the administrative or privileged passwords that their IT guys have access to, which allows them to see everything that is going on within the company,” said Udi Mokady, CEO of Cyber-Ark. “These privileged identities, which lie on hundreds of servers and applications, rarely get changed - it’s considered too much hassle.”
When IT staff leave the organisation, they can still access the network using these passwords to acquire an organisation’s most sensitive information, Mokady, co-founder and CEO of Cyber-Ark, added. “Our advice is secure the most privileged data, and routinely change and manage them, so that if an employee’s contract is terminated, whether sacked or made redundant, they can’t maliciously play havoc inside the network or vindictively steal data for competitive or financial gain.”
The survey also suggests that those responsible for securing the systems are ‘often very sloppy’ when it comes to basic good housekeeping. Administrators, who are often responsible for security, do not exchange or send information securely, with 35 per cent choosing to send sensitive or highly confidential information via email.
Around 33 per cent of IT staff surveyed admitted to ‘snooping around the network’, looking at highly confidential information, such as salary details, M&A plans, colleagues’ personal emails, board meeting minutes, and other personal information that they were not privy to. They did this by using their privileged rights and administrative passwords to access information that is confidential or sensitive.