This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

IT staff admit having access to sensitive information without board level knowledge

Share this article:

Almost half of IT staff are able to gain unauthorised access to their organisation's most sensitive information.

According to a survey of 500 IT professionals by Lieberman Software, 42 per cent are able to access a company's most sensitive information, including the CEO's private documents.

Fifteen per cent of UK IT professionals, compared with just nine per cent of US IT professionals, admitted that they would use their admin rights to snoop around the network in an effort to sneak a peak at sensitive data to try and find out if their job, or a colleague's job, was at risk.

Also, 39 per cent revealed that senior management does not know what IT can and cannot access, as 78 per cent said that they could walk out the office tomorrow with highly sensitive information. A third of respondents revealed that they would still be able to access sensitive information long after leaving the company.

Philip Lieberman, president and CEO of Lieberman Software, said: “Companies should wake up to the fact that IT holds the keys to the kingdom. Nothing is secret or private unless you establish systems and procedures to lock down data from prying eyes and according to our study, most organisations don't.

“In the good old days the most sensitive data was locked away in a filing cabinet with just one or two trusted key holders. Today, it's locked away in a virtual filing cabinet, but the problem is most companies have no idea just how many people have keys to this cabinet.

“What's clear from this survey is that management just doesn't understand the privileges their IT staff have to the most sensitive data.  Even the bosses' documents can be read by 42 per cent of IT personnel and if these guys can't be trusted, directors shouldn't be surprised when their data gets leaked or exploited.”

Another survey of 3,484 employees in the United States, Great Britain and Australia found that 48 per cent of British employees who have access to their employer's or client's private data said that they would feel comfortable doing something with that data, regardless if that access was intentional or accidental.

Jackie Gilbert, vice president of marketing and co-founder of SailPoint that conducted that survey, said that organisations should be very concerned about the number of employees that openly admitted to misusing proprietary data.

“These results show that insider threats represent a significant risk to the business. Some of the biggest and most costly data breaches have been directly tied to company employees,” she said.

“Having a written policy is not enough to ensure data security. Organisations need to have automated controls in place to monitor and manage user access controls in order to minimise the risk of insider theft or sabotage.”

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

China refutes new FBI hacking claims

China refutes new FBI hacking claims

It's been another week of claims and counterclaims as the US and Chinese governments accuse each other of deviant cyber security practices.

SC Exclusive: Bank of England to appoint new CISO in January

SC Exclusive: Bank of England to appoint new ...

Bank of England Chief Information Security Officer (CISO) Don Randall is to leave his post in the New Year to take up an unspecified supervisory role, with William Brandon set ...

Sandworm vulnerability seen targeting SCADA-based systems

Sandworm vulnerability seen targeting SCADA-based systems

Hard on the heels of the `Sandworm' spy group revealed by iSIGHT Partners earlier in the week, Trend Micro says its has spotted the zero-day vulnerability of the same name ...