Businesses see a huge rise in employee views and theft of sensitive data

News by SC Staff

A third of IT workers have admitted to accessing unauthorised corporate information.

A third of IT workers have admitted to accessing unauthorised corporate information.
According to Cyber-Ark's Trust, Security and Passwords survey, the amount of IT staff that abuse their position to snoop around networks to access privileged, corporate information has risen by two per cent in the past 12 months. Meanwhile, 74 per cent of respondents stated that they could circumvent the controls currently in place to prevent access to internal information. 


The most popular information to be viewed, or stolen in the event of them being fired, was the customer database, email server admin account and M&A plans, with 47 per cent claiming that they would take these. Forty six per cent would take a copy of the R&D plans, the CEO's password and financial reports.  One in five companies admitted to having experienced cases of insider sabotage or IT security fraud, with 36 per cent suspecting that their competitors had received their company's highly sensitive information or intellectual property.


Udi Mokady, CEO of Cyber-Ark, said: "This survey shows that while most employees claim that access to privileged accounts is currently monitored and an overwhelming majority support additional monitoring practices, employee snooping on sensitive information continues unabated.  Unauthorised access to information such as customer credit card data, private personnel information, internal financial reports and R&D plans leaves a company vulnerable to a severe data leak with the risk of financial or regulatory exposure and damage to its brand, or competitors obtaining critically important competitive information.


"Cyber-Ark is committed to raising awareness around the risk of unmanaged privileged accounts.  While seemingly innocuous, these accounts provide workers with the ‘keys to the kingdom', allowing them to access critically sensitive information, no matter where it resides. Businesses must wake up and realise that trust is not a security policy; they have an organisational responsibility to lock down sensitive data and systems, while monitoring all activity even when legitimate access is granted."


However businesses are increasingly aware of the need to monitor privileged account access and activity, with 71 per cent of respondents indicating that privileged accounts are partially monitored. Ninety one per cent of those who are monitored admitted that they are 'okay with their employer's monitoring activities'. Despite these efforts, 74 per cent of respondents revealed that even with the controls being put in place to monitor them, they could still get around them, making current controls ineffectual.


Highlighting the ineffectiveness of current controls and access policies, 35 per cent of IT administrators admitted they were using their administration rights to snoop around the network to access confidential or sensitive information.  The most common areas respondents indicated they access are HR records, followed by customer databases, M&A plans, layoff lists and lastly, marketing information.


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews