This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

IT staff admit having access to sensitive information without board level knowledge

Share this article:

Almost half of IT staff are able to gain unauthorised access to their organisation's most sensitive information.

According to a survey of 500 IT professionals by Lieberman Software, 42 per cent are able to access a company's most sensitive information, including the CEO's private documents.

Fifteen per cent of UK IT professionals, compared with just nine per cent of US IT professionals, admitted that they would use their admin rights to snoop around the network in an effort to sneak a peak at sensitive data to try and find out if their job, or a colleague's job, was at risk.

Also, 39 per cent revealed that senior management does not know what IT can and cannot access, as 78 per cent said that they could walk out the office tomorrow with highly sensitive information. A third of respondents revealed that they would still be able to access sensitive information long after leaving the company.

Philip Lieberman, president and CEO of Lieberman Software, said: “Companies should wake up to the fact that IT holds the keys to the kingdom. Nothing is secret or private unless you establish systems and procedures to lock down data from prying eyes and according to our study, most organisations don't.

“In the good old days the most sensitive data was locked away in a filing cabinet with just one or two trusted key holders. Today, it's locked away in a virtual filing cabinet, but the problem is most companies have no idea just how many people have keys to this cabinet.

“What's clear from this survey is that management just doesn't understand the privileges their IT staff have to the most sensitive data.  Even the bosses' documents can be read by 42 per cent of IT personnel and if these guys can't be trusted, directors shouldn't be surprised when their data gets leaked or exploited.”

Another survey of 3,484 employees in the United States, Great Britain and Australia found that 48 per cent of British employees who have access to their employer's or client's private data said that they would feel comfortable doing something with that data, regardless if that access was intentional or accidental.

Jackie Gilbert, vice president of marketing and co-founder of SailPoint that conducted that survey, said that organisations should be very concerned about the number of employees that openly admitted to misusing proprietary data.

“These results show that insider threats represent a significant risk to the business. Some of the biggest and most costly data breaches have been directly tied to company employees,” she said.

“Having a written policy is not enough to ensure data security. Organisations need to have automated controls in place to monitor and manage user access controls in order to minimise the risk of insider theft or sabotage.”

Share this article:

SC webcasts on demand

This is how to secure data in the cloud

Exclusive video webcast & Q&A sponsored by Vormetric

As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.

View the webcast here to find out more

More in News

Cyber security still a learning curve for most companies

Cyber security still a learning curve for most ...

Poor network visibility, outdated security tools, a skills shortage and a lack of control in the cloud are just some of the reasons companies are struggling with cyber-security, say two ...

WorldPay hacker sentenced to 11 years for role in £6 million scheme

WorldPay hacker sentenced to 11 years for role ...

An Estonian man, who helped hack payment processor RBS WorldPay in 2008, has now been sentenced to 11 years in prison for his involvement in the £5.9 (US$ 9.4 million) ...

'Sophisticated' Chinese hackers launched attacks against 43,000 computer systems

'Sophisticated' Chinese hackers launched attacks against 43,000 computer ...

A new report reveals that a Chinese cyber-espionage group is closely affiliated with government and carried out attacks against the likes of Fortune 500 companies and government agencies.