Insider IT snooping on the rise

Despite a sharp rise in data breaches and increased media awareness on the subject, a new survey reveals that over one third of IT workers now admit to accessing corporate information without authorisation.

Twelve months after the Cyber-Ark Trust, Security & Passwords survey discovered that 33% of IT staff used their IT administration rights to snoop around networks to access privileged, corporate information such as HR records, redundancy lists, customer databases and M&A plans, a repeat of the survey has discovered that the situation has escalated, with 35% of IT workers now admitting to accessing corporate information on the sly.

A further 74% of respondents stated that they could circumvent the controls currently in place to prevent access to internal information.

One of the most revealing aspects of the survey was found in the types and quantity of information employees would take with them if they were fired. As the economic climate has worsened, the survey found a sharp increase in the number of respondents who say they would take proprietary data and information that is critical to maintaining competitive advantage and corporate security.

When respondents were asked ‘What would you take with you?’, the survey found a six-fold increase in staff who said they would take financial reports or merger and acquisition plans, and a four-fold increase in those who would take CEO passwords and research and development plans.

Ominously, one in five companies admit to having experienced cases of insider sabotage or IT security fraud. Of those companies, 36% suspect that their competitors have received their company’s highly sensitive information or intellectual property.

Organisations are increasingly aware of the need to monitor privileged account access and activity, with 71% of respondents indicating that privileged accounts are partially monitored, and 91% of those who are monitored admitting they are ‘okay with their employer’s monitoring activities’. Despite these efforts, 74% of respondents revealed that even with the controls being put in place to monitor them, they could still get around them, making current controls ineffectual.

Highlighting the ineffectiveness of current controls and access policies, 35% of IT administrators admitted they were using their administration rights to snoop around the network to access confidential or sensitive information. The most common areas respondents indicated they access are HR records, followed by customer databases, M&A plans, redundancy lists and lastly, marketing information.

Commenting, Udi Mokady, CEO of Cyber-Ark, said: “This survey shows that while most employees claim that access to privileged accounts is currently monitored and an overwhelming majority support additional monitoring practices, employee snooping on sensitive information continues unabated. Unauthorised access to information such as customer credit card data, private personnel information, internal financial reports and R&D plans leaves a company vulnerable to a severe data leak with the risk of financial or regulatory exposure and damage to its brand, or competitors obtaining critically important competitive information.”