10 Jun 2009
More than a third (35 per cent) of IT staff have used their administration rights to breach data security, giving them access to critical corporate information without authorisation, according to research.
The study by Cyber-Ark also found that nearly three-quarters of the 400 senior UK and US IT professionals polled said they could breach the security controls in place to protect against corporate information theft.
Asked what information they would take with them if made redundant, the three most popular responses were the customer database, the email server administrator account, and the firm's merger and acquisition (M&A) plans – all chosen by 47 per cent of those polled.
Next in line for potential theft were research and development (R&D) plans (46 per cent), the chief executive's password (46 per cent), financial reports (46 per cent) and the privileged password list (42 per cent). Compared with the corresponding figures for last year, the average increase in IT staff willing to take critical business data if made redundant was 28 per cent.
The survey suggests that firms need to fully monitor privileged account access, but 71 per cent of respondents indicated that privileged accounts were only partially monitored, and 74 per cent of those polled revealed that these controls did not stop them snooping around.
The significant failure of snooping controls was highlighted by the 35 per cent of IT administrators who admitted they were using high-level rights to access confidential or sensitive information. The most common areas targeted for snooping were HR records, followed by customer databases, M&A plans, redundancy lists, and marketing information.
"Unauthorised access to information such as customer credit card data, private personnel information, internal financial reports and R&D plans leaves a company vulnerable to a severe data leak with the risk of financial or regulatory exposure and damage to its brand, or competitors obtaining critically important competitive information," said Udi Mokady, chief executive of Cyber-Ark.
These statistics truly reinforce the institutionalised lax approach to security in business today. Much has been made of the loss of data to foreign bodies, but organisations need to ensure that all security approaches consider the threats which come from both external and internal sources. Despite the economic crisis, it is straightforward and cost-effective to allow the legitimate use of approved devices, which introduces a level of stewardship where only authorised staff have access to certain data. This will also enable organisations to actively guard against the removal of data or the introduction of risks to the network. In doing this, more stringent security barriers can be introduced to help eliminate this seemingly growing problem of internal snooping.
Posted by: Matt Fisher, FrontRange Solutions 12 Jun 2009