Snooping IT staff

November 2008 Security Services & Risk Management

A third of IT staff secretly peek at confidential data.

Whilst you sit there innocently working away, little do you realise that a third of your IT colleagues have been snooping around the network, looking at highly confidential information, such as salary details, M&A plans, people’s personal e-mails, board meeting minutes and other personal information. That is the findings of a survey released by Cyber-Ark Software, specialists in digital vaulting solutions, who carried out the research at the recent Infosecurity Expo 2008, amongst 300 senior IT professionals (mainly from companies employing over 1000+ employees), as part of their annual survey into 'Trust, security and passwords'.

One third of the survey sampled admitted to using their privileged rights to access information that is confidential or sensitive by using the administrative passwords as a means of peeking at information that they are not privy to.

When asked if they had accessed information that was not relevant to their role 47% admitted they had.

Udi Mokady, CEO of Cyber-Ark says, “When it comes down to it, IT has essentially enabled snooping to happen. It is easy, all you need is access to the right passwords or privileged accounts and you are privy to everything that is going on within your company. Gone are the days when you had to photocopy sheets of information with your customer database on it, or pick the lock to the salaries drawer. In some organisations there is little understanding or lack of controls in place to manage workers access to systems. For most people, administrative passwords are a seemingly innocuous tool used by the IT department to update or amend systems. To those 'in the know' they are the keys to the kingdom and if unprotected or fall into the wrong hands wield a great deal of power. This could include highly sensitive information such as merger plans, the CEO’s e-mails, company accounts, marketing plans, legal records, R&D plans etc.”

Privileged passwords rarely get changed

Even more worrying is the fact that privileged passwords get changed infrequently and often a lot less than user passwords. 30% get changed every quarter and a staggering 9% never get changed, giving access indefinitely to all those who know the passwords, even when they have left the organisation.

Who is managing the privileged passwords?

Half of IT administrators do not have to get authorisation to access privileged accounts which shows a general lack of control of these power identities and indeed understanding over the power that these privileges command.

Majority are sloppy at handling and exchanging sensitive data

Seven out of 10 companies rely on out-dated and insecure methods to exchange sensitive data when it comes to passing it between themselves and their business partners with 35% choosing to e-mail sensitive data, 35% sending it via a courier, 22% using FTP and 4% still relying on the postal system. This should not be any big surprise when you learn that 12% of these senior IT personnel who were interviewed also choose to send cash in the post.

Mokady continues, “As we have seen many use their privileged passwords without having to seek authorisation, and if the price is right what is stopping them from choosing to trade information to the highest bidder. Companies need to wake up to the fact that if they do not introduce layers of security and tighten up who has access to vital information, by managing and controlling privileged passwords, snooping, sabotage and hacking will continue.”

For more information contact Darshna Kamani, Cyber-Ark, 020 71832 832.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Keeping our changing environment secure
August 2019 , Editor's Choice, Security Services & Risk Management
For a crime to take place there needs to be a victim and a criminal who sees an opportunity. For a cybercrime to take place we need the same set of circumstances.

Read more...
The importance of real security risk assessments
August 2019, Sentinel Risk Management , Editor's Choice, Security Services & Risk Management, Residential Estate (Industry)
Andy Lawler, MD, Sentinel Risk Management, says a security risk assessment is an onerous task, but is not something estates can consider optional or a luxury item anymore.

Read more...
Risk assessment or product placement?
August 2019, Technews Publishing, Alwinco, SMC - Security Management Consultants , Editor's Choice, Security Services & Risk Management, Residential Estate (Industry)
Hi-tech security solutions asked a couple of experts to provide estate managers and security managers with some insights into what a ‘real’ risk assessment includes.

Read more...
Residential security – caveat emptor
August 2019, Stafix , Integrated Solutions, Security Services & Risk Management
When it comes to improving your property’s security, make sure you take all the options into account as you build a layered approach to keeping people safe and assets secured.

Read more...
Ensuring your electric fence is compliant
August 2019, Stafix , Perimeter Security, Alarms & Intruder Detection, Security Services & Risk Management
A challenge facing both existing and potentially new perimeter electric fence installations is how to economically meet the legal requirements required in the SANS 10222-3:2016 standards document.

Read more...
Renewable energy for estates and homes
August 2019, Drensky Technologies, Technews Publishing, Specialised Battery Systems , Security Services & Risk Management
While individual homeowners might choose to install solar photovoltaic (PV) systems for when there’s load shedding or a power failure, for an entire estate to harness its energy requirements from solar, and particularly their crucial security systems, would require that a large area of the property be dedicated to solar panels.

Read more...
Insuring thatched roofs against lightning
August 2019, DEHN Africa , Security Services & Risk Management
Considering South Africa’s very high lightning flash density statistics, and the popular trend all over the country to use aesthetically pleasing thatched roofs for residential as well as commercial buildings, a fit-for-purpose offering has been introduced by DEHN Africa.

Read more...
Know your enemies (and friends)
August 2019 , Security Services & Risk Management
Hi-Tech Security Solutions spoke to Dave Rampersad to find out about what and how information can be automatically added to number plates to proactively improve the security of an estate.

Read more...
Residential estates: Just how secure are they?
August 2019 , Security Services & Risk Management, Residential Estate (Industry)
While estates may seem a refuge from the criminal threat lurking in the suburbs, crime may be rife here, too.

Read more...
Reduce insider threats with thorough due diligence
August 2019, iFacts , Security Services & Risk Management
Outsourcing critical business functions can offer significant opportunities, but can also represent a wealth of additional risks.

Read more...