News

Insider Snooping Still Serious Security Issue, Survey Finds

Last year's Cyber-Ark "Trust, Security & Passwords" survey revealed that one-third of IT staff used their IT administration rights to access privileged or confidential data, including human resources records, layoff lists, merger and acquisition plans, and customer databases. Behavior hasn't changed much according to results from this year's survey.

"Despite a sharp rise in data breaches and increased media awareness on the subject, the third annual Cyber-Ark survey reveals that 35 percent of IT workers now admit to accessing corporate information without authorization, while 74 percent of respondents stated that they could circumvent the controls currently in place to prevent access to internal information," according to Cyber-Ark.

The global survey polled over 400 senior IT professionals in the United States and the United Kingdom, primarily enterprise-class companies.

The survey reveals what type of information (and how much of that data) employees are interested in taking if they are fired. This year's survey reports "a sharp increase in the number of respondents who say they would take proprietary data and information that is critical to maintaining competitive advantage and corporate security."

For security managers, an ever more alarming result is the six-fold increase in staff "who said they would take financial reports or merger and acquisition plans." Staff who would take CEO passwords and research and development plans also climbed, increasing four-fold since last year.

Here's what employees would most likely steal:

Type of Information

 2009 

 2008 

Customer Database

 47% 

 35% 

E-mail Server Admin Account

 47% 

 13% 

M&A Plans

 47% 

 7% 

Copy of R&D Plans

 46% 

 13% 

CEO's Password

 46% 

 11% 

Financial Reports

 46% 

 11% 

Privileged Password List  

 42% 

 31% 

Also worrisome: one company in five admits having experienced "cases of insider sabotage or IT security fraud." Of those, "36 percent suspect that their competitors have received their company's highly sensitive information or intellectual property."

Organizations know about the problem. Seventy-one percent of respondents indicated that privileged accounts are monitored somewhat; of these, 91 percent of those being monitored accept their employer's monitoring activities.

Despite such understanding, nearly three-quarters of respondents (74 percent) say that they could still circumvent such monitoring. Further highlighting the ineffectiveness of an enterprise's controls and access policies, more than a third (35 percent) of IT administrators confessed to using their administration rights to look at confidential or sensitive information. They most often access "HR records, followed by customer databases, M&A plans, layoff lists and, lastly, marketing information."

"This survey shows that while most employees claim that access to privileged accounts is currently monitored and an overwhelming majority support additional monitoring practices, employee snooping on sensitive information continues unabated. Unauthorized access to information such as customer credit card data, private personnel information, internal financial reports and R&D plans leaves a company vulnerable to a severe data leak with the risk of financial or regulatory exposure and damage to its brand, or competitors obtaining critically important competitive information," said Udi Mokady, CEO of Cyber-Ark, in a prepared statement.

The full survey can be downloaded in PDF form here; registration is required for access.

About the Author

Jim Powell is president and CEO of Daisytek International Corporation. He can be contacted at 972-881-4700 or [email protected]

Featured

  • How To Configure Windows 10 for Intel Optane Memory

    Intel's Optane memory technology can significantly improve the performance of your Windows 10 system -- provided you enable it correctly. A single mistake can render the system unbootable. Here's how to do it the right way.

  • Microsoft and SAP Enhance Partnership with Teams Integration

    Microsoft and SAP this week described continuing partnership efforts on Microsoft Azure, while also planning a Microsoft Teams integration with SAP's enterprise resource planning product and other solutions.

  • Blue Squares Graphic

    Microsoft Previews Azure IoT Edge for Linux on Windows

    Microsoft announced a preview of Azure IoT Edge for Linux on Windows, which lets organizations tap Linux virtual machine processes that also work with Windows- and Azure-based processes and services.

  • How To Automate Tasks in Azure SQL Database

    Knowing how to automate tasks in the cloud will make you a more productive DBA. Here are the key concepts to understand about cloud scripting and a rundown of the best tools for automating code in Azure.

comments powered by Disqus