One Third of IT Staff Still Snoop

One Third of IT Staff Still Snoop

By Greg McNevin

June 23, 2008: Once upon a time the IT department had the keys to the kingdom, so to speak. With a job that few others in a given organisation understood, they were free to do as they pleased on the network. While times have changed and far more robust security measures are now a matter of course, it appears that old habits die hard.

According to a new survey by Cyber-Ark Software, a third of IT personnel still snoop around the company network, looking at highly confidential information, such as salary details, M & A plans, people’s personal emails, board meeting minutes and other personal information.

Carried out at the recent Infosecurity Expo 2008, the survey canvassed the opinions of 300 senior IT professionals (mainly from companies employing over 1000+ employees), as part of the company’s annual survey into “Trust, Security and Passwords”.

One third of those surveyed admitted to using their privileged rights to access information that is confidential or sensitive by using the administrative passwords as a means of peeking at information that they are not privy to.

More worrying still, when asked if they had accessed information that was not relevant to their role, 47 percent admitted they had.

“When it comes down to it, IT has essentially enabled snooping to happen! It’s easy – all you need is access to the right passwords or privileged accounts and you’re privy to everything that’s going on within your company,” says Mark Fullbrook, UK Director of Cyber-Ark.

Fullbrook notes that with the increasing focus on digital information and the slow disappearance of paper records, the days when one had to photocopy sheets of information with customer details, or pick the lock to the salaries drawer are fast disappearing.

“In some organisations there is little understanding or lack of controls in place to manage workers access to systems,” says Fullbrook.

“For most people, administrative passwords are a seemingly innocuous tool used by the IT department to update or amend systems. To those “in the know” they are the keys to the kingdom and if unprotected or fall into the wrong hands wield a great deal of power. This could include highly sensitive information such as merger plans, the CEO’s emails, company accounts, marketing plans, legal records, R & D plans etc.”

Comment on this story

Business Solution: