Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Trust survey finds growth in insider snooping

CyberArk Software : 11 June, 2009  (Technical Article)
A year on from the first Trust, Security and Passwords survey, Cyber-Ark's new study finds deterioration in levels of trust
Twelve months after the Cyber-Ark "Trust, Security & Passwords" survey discovered that 33 percent of IT staff used their IT administration rights to snoop around networks to access privileged, corporate information such as HR records, redundancy lists, customer databases and M&A plans, a repeat of the survey has discovered that the situation has escalated. Despite a sharp rise in data breaches and increased media awareness on the subject, the third annual Cyber-Ark survey reveals that 35 percent of IT workers now admit to accessing corporate information without authorisation, while 74 percent of respondents stated that they could circumvent the controls currently in place to prevent access to internal information.

Cyber-Ark's "Trust, Security & Passwords" is a global survey of more than 400 senior IT professionals both in the US and UK, mainly from enterprise class companies.

One of the most revealing aspects of the survey was found in the types and quantity of information employees would take with them if they were fired. As the economic climate has worsened, the survey found a sharp increase in the number of respondents who say they would take proprietary data and information that is critical to maintaining competitive advantage and corporate security. When asked this year "What would you take with you," the survey found a six-fold increase in staff who said they would take financial reports or merger and acquisition plans, and a four-fold increase in those who would take CEO passwords and research and development plans. Of the information targeted, respondents indicated they would be most likely to steal the following types of information:

* Customer Database (grew from 35% to 47%)
* Email Server Admin Account (grew from 13% to 47%)
* M and A Plans (grew from 7% to 47%)
* Copy of R and D Plans (grew from 13% to 46%)
* CEO Password (grew from 11% to 46%)
* Financial Reports (grew from 11% to 46%)
* Privileged Password List (grew from 31% to 42%)

Ominously, 1 in 5 companies admit having experienced cases of insider sabotage or IT security fraud. Of those companies, 36 percent suspect that their competitors have received their company's highly sensitive information or intellectual property.

Organizations are increasingly aware of the need to monitor privileged account access and activity, with 71 percent of respondents indicating that privileged accounts are partially monitored, while 91 percent of those who are monitored admitting they are "okay with their employer's monitoring activities." Despite these efforts, 74 percent of respondents revealed that even with the controls being put in place to monitor them, they could still get around them, making current controls ineffectual.

Highlighting the ineffectiveness of current controls and access policies, 35 percent of IT administrators admitted they were using their administration rights to snoop around the network to access confidential or sensitive information. The most common areas respondents indicated they access are HR records, followed by customer databases, M&A plans, redundancy lists and lastly, marketing information.

"This survey shows that while most employees claim that access to privileged accounts is currently monitored and an overwhelming majority support additional monitoring practices, employee snooping on sensitive information continues unabated. Unauthorised access to information such as customer credit card data, private personnel information, internal financial reports and R&D plans leaves a company vulnerable to a severe data leak with the risk of financial or regulatory exposure and damage to its brand, or competitors obtaining critically important competitive information," said Udi Mokady, CEO of Cyber-Ark.

"Cyber-Ark is committed to raising awareness around the risk of unmanaged privileged accounts. While seemingly innocuous, these accounts provide workers with the 'keys to the kingdom,' allowing them to access critically sensitive information, no matter where it resides. Businesses must wake up and realize that trust is not a security policy; they have an organizational responsibility to lock down sensitive data and systems, while monitoring all activity even when legitimate access is granted," Mokady added.

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo