This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

IT staff admit having access to sensitive information without board level knowledge

Share this article:

Almost half of IT staff are able to gain unauthorised access to their organisation's most sensitive information.

According to a survey of 500 IT professionals by Lieberman Software, 42 per cent are able to access a company's most sensitive information, including the CEO's private documents.

Fifteen per cent of UK IT professionals, compared with just nine per cent of US IT professionals, admitted that they would use their admin rights to snoop around the network in an effort to sneak a peak at sensitive data to try and find out if their job, or a colleague's job, was at risk.

Also, 39 per cent revealed that senior management does not know what IT can and cannot access, as 78 per cent said that they could walk out the office tomorrow with highly sensitive information. A third of respondents revealed that they would still be able to access sensitive information long after leaving the company.

Philip Lieberman, president and CEO of Lieberman Software, said: “Companies should wake up to the fact that IT holds the keys to the kingdom. Nothing is secret or private unless you establish systems and procedures to lock down data from prying eyes and according to our study, most organisations don't.

“In the good old days the most sensitive data was locked away in a filing cabinet with just one or two trusted key holders. Today, it's locked away in a virtual filing cabinet, but the problem is most companies have no idea just how many people have keys to this cabinet.

“What's clear from this survey is that management just doesn't understand the privileges their IT staff have to the most sensitive data.  Even the bosses' documents can be read by 42 per cent of IT personnel and if these guys can't be trusted, directors shouldn't be surprised when their data gets leaked or exploited.”

Another survey of 3,484 employees in the United States, Great Britain and Australia found that 48 per cent of British employees who have access to their employer's or client's private data said that they would feel comfortable doing something with that data, regardless if that access was intentional or accidental.

Jackie Gilbert, vice president of marketing and co-founder of SailPoint that conducted that survey, said that organisations should be very concerned about the number of employees that openly admitted to misusing proprietary data.

“These results show that insider threats represent a significant risk to the business. Some of the biggest and most costly data breaches have been directly tied to company employees,” she said.

“Having a written policy is not enough to ensure data security. Organisations need to have automated controls in place to monitor and manage user access controls in order to minimise the risk of insider theft or sabotage.”

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

Turn off WPS on routers for WiFi security

Turn off WPS on routers for WiFi security ...

A Swiss researcher is advocating turning off WPS to secure routers after finding a flaw that eliminates the randomness of codes generated by some routers when WPS is switched on...

Apple's iCloud hacked, nude celeb photos posted

Apple's iCloud hacked, nude celeb photos posted

Questions have been raised about the security of Apple's iCloud service, after a hacker posted nude pictures of celebrities to the 4Chan forum, claiming they were obtained after a hack ...