IT staff admit having access to sensitive information without board level knowledge
Almost half of IT staff are able to gain unauthorised access to their organisation's most sensitive information.
According to a survey of 500 IT professionals by Lieberman Software, 42 per cent are able to access a company's most sensitive information, including the CEO's private documents.
Fifteen per cent of UK IT professionals, compared with just nine per cent of US IT professionals, admitted that they would use their admin rights to snoop around the network and sneak a peek at sensitive data to find out whether their job, or a colleague's job, was at risk.
Also, 39 per cent revealed that senior management does not know what IT can and cannot access, and 78 per cent said that they could walk out of the office tomorrow with highly sensitive information. A third of respondents revealed that they would still be able to access sensitive information long after leaving the company.
Philip Lieberman, president and CEO of Lieberman Software, said: “Companies should wake up to the fact that IT holds the keys to the kingdom. Nothing is secret or private unless you establish systems and procedures to lock down data from prying eyes and according to our study, most organisations don't.
“In the good old days the most sensitive data was locked away in a filing cabinet with just one or two trusted key holders. Today, it's locked away in a virtual filing cabinet, but the problem is most companies have no idea just how many people have keys to this cabinet.
“What's clear from this survey is that management just doesn't understand the privileges their IT staff have to the most sensitive data. Even the bosses' documents can be read by 42 per cent of IT personnel and if these guys can't be trusted, directors shouldn't be surprised when their data gets leaked or exploited.”
Another survey of 3,484 employees in the United States, Great Britain and Australia found that 48 per cent of British employees who have access to their employer's or client's private data said that they would feel comfortable doing something with that data, regardless of whether that access was intentional or accidental.
Jackie Gilbert, vice president of marketing and co-founder of SailPoint, which conducted that survey, said that organisations should be very concerned about the number of employees who openly admitted to misusing proprietary data.
“These results show that insider threats represent a significant risk to the business. Some of the biggest and most costly data breaches have been directly tied to company employees,” she said.
“Having a written policy is not enough to ensure data security. Organisations need to have automated controls in place to monitor and manage user access controls in order to minimise the risk of insider theft or sabotage.”