Insider snooping on the rise

By Dave Bailey
10 Jun 2009 View Comments
A Computing logo
Survey says 74 per cent of IT admin staff can 'circumvent' network security

More than third (35 per cent) of IT staff have used their administration rights to breach data security, giving them access to critical corporate information without authorisation, according to research.

The study by Cyber Ark also suggests that nearly three-quarters of the 400 senior UK and US IT professionals polled said they could breach the security controls in place to protect against corporate information theft.

Further reading

Asked what information they would take with them if made redundant, the three most popular responses were the customer database, the email server administrator account, and the firm's merger and acquisition (M&A) plans – all chosen by 47 per cent of those polled.

Next in line for potential theft were research and development (R&D) plans (46 per cent), the chief executive's password (46 per cent), financial reports (46 per cent) and the privileged password list (42 per cent). The corresponding figures for last year showed that the average increase in IT staff willing to take critical business data if made redundant was 28 per cent.

The survey suggests that firms need to fully monitor privileged account access, but 71 per cent of respondents indicated that privileged accounts were only partially monitored, and despite these controls, 74 per cent of those polled revealed that it did not stop them snooping around.

The significant failure of snooping controls was highlighted by the 35 per cent of IT administrators who admitted they were using high-level rights to access confidential or sensitive information. The most common areas targeted for snooping were HR records, followed by customer databases, M&A plans, redundancy lists, and marketing information.

"Unauthorised access to information such as customer credit card data, private personnel information, internal financial reports and R&D plans leaves a company vulnerable to a severe data leak with the risk of financial or regulatory exposure and damage to its brand, or competitors obtaining critically important competitive information,” said Udi Mokady, chief executive of Cyber-Ark.

Reader comments
blog comments powered by Disqus
Windows 10 - will you upgrade?

Microsoft has made an early version of Windows 10 - its next operating system - available for download. The OS promises better integration and harmonisation across platforms, including mobile and desktop. Will your business be upgrading?

37 %
27 %
15 %
21 %