Redundancy fears fuel IT staff snooping

Despite the rise in data breaches and increased media awareness of the subject, the third annual Cyber-Ark ‘Trust, Security and Passwords’ survey has revealed that 35 per cent of IT workers now admit to accessing corporate information like HR records, redundancy lists, customer databases, and M&A plans without authorisation.

The findings show a 2 per cent increase on the 2008 survey, and 74 per cent of respondents stated that they could circumvent the controls currently in place to prevent access to internal information.

One of the most revealing aspects of the survey was found in the types and quantity of information employees would take with them if they were fired. As the economic climate has worsened, the survey found an increase in the number of respondents who say they would take proprietary data and information critical to maintaining competitive advantage and corporate security.

When the 2009 survey asked ‘What would you take with you?’, it found a six-fold increase in staff who said they would take financial reports or merger and acquisition plans, and a four-fold increase in those who would take CEO passwords and research and development plans.

Of the information targeted, respondents indicated they would be most likely to steal the following:

Type of information                       2009          2008
Customer database                         47 per cent   35 per cent
Email server admin account                47 per cent   13 per cent
Mergers and acquisitions plans            47 per cent   7 per cent
Copy of research and development plans    46 per cent   13 per cent
CEO’s password                            46 per cent   11 per cent
Financial reports                         46 per cent   11 per cent
Privileged password list                  42 per cent   31 per cent

Organisations are increasingly aware of the need to monitor privileged account access and activity, with 71 per cent of respondents indicating that privileged accounts are partially monitored, and 91 per cent of those who are monitored admitting they are ‘okay with their employer’s monitoring activities’. Despite these efforts, 74 per cent of respondents revealed that even with the controls being put in place to monitor them, they could still get around them, making current controls ‘ineffectual’.

Highlighting the ineffectiveness of current controls and access policies, 35 per cent of IT administrators admitted they were using their administration rights to snoop around the network to access confidential or sensitive information. The most common areas respondents indicated they access are human resources (HR) records, followed by customer databases, mergers and acquisitions plans, pending redundancy lists, and marketing information.

Cyber-Ark’s 'Trust, Security & Passwords' is a global survey of more than 400 senior IT professionals in both the US and UK, mainly from enterprise-class companies.

More information:
http://kn.theiet.org/news/jun08/cyberark-surv.cfm
www.cyber-ark.com
