
74 Percent of IT Pros Admit to Network Snooping

Source: Tom's Hardware US

IT professionals may carry a great amount of power, but with great power comes great responsibility.

A recent study by Cyber-Ark has revealed that an increasing number of IT professionals are using their administrative powers to access information not relevant to their role.

Cyber-Ark surveyed 400 IT professionals about how they use their privileged accounts. The survey found that 64 percent of UK IT professionals admitted to accessing information not relevant to their role, while 74 percent of U.S. IT pros admitted to doing the same. Further, 41 and 40 percent (UK and U.S. respectively) admitted they had used their admin password to access information considered to be confidential or particularly sensitive.

The fact that 67 percent of UK respondents and 78 percent of U.S. respondents say their privileged accounts are monitored does little to allay concerns when Cyber-Ark reports that 53 percent (UK) and 74 percent (U.S.) have the ability to get around the controls put in place to monitor access.

Asked what they would take if they knew they were going to be fired in the morning, only 30 percent of UK respondents said nothing. The U.S. respondents seemed a little more loyal to their employers, with 64 percent saying they'd take nothing. Of the 70 percent of British and 36 percent of Americans who said they would take something, the most prominent choice was the database (16 percent in both countries). Also on the list were privileged passwords, the email server admin account, financial reports, the CEO's password and R&D plans.

Those surveyed said they believed people working in IT departments were the most likely to snoop around the network.

Have you ever snooped around on the network at work? Let us know in the comments below!

Top Comments
  • 15 Hide
    ct1615 , July 13, 2010 12:40 AM
    74!!!!...well at least we know the other 26% are known liars
  • 15 Hide
    chodaboy , July 13, 2010 1:54 AM
    I've snooped around the secretary's personal folders in search of nudity. It seems that she keeps all her naked pictures at home though...
  • 14 Hide
    haunted one , July 13, 2010 12:05 AM
    70% said they'd steal data?????? O__o
Other Comments
  • 7 Hide
    snoogins , July 13, 2010 12:20 AM
    Seems pretty ridiculous if you ask me, but I'm not an IT guy, so maybe they have their reasons.

    But ya, the amount that said they would steal data is no good at all.
  • 2 Hide
    freename , July 13, 2010 12:30 AM
    It says "Among the stuff 70 percent of the British and 36 percent of Americans said they'd take was..."
    So, they would take data - personal emails, photos maybe? And some (an undisclosed number) said they'd take more.
    Seems like a lot of FUD re: taking stuff. More information required.
  • 4 Hide
    calinkula , July 13, 2010 12:33 AM
    And even though that percentage seems high, that doesn't even count the off shored outsourced data management company that got hired on to replace most IT staff cause it's cheaper.
  • 5 Hide
    4745454b , July 13, 2010 12:37 AM
    I laugh a bit about this. When I interned at my local city's IT dept as a college student they foolishly gave me the default admin (both to the machine and network) user name and password. It's set up so that the city has one user name, while the Police have a name one digit higher. Fire is one digit higher, while the water dept has the highest numbered user name. (password never changes) I wouldn't have to steal these names as I had to use them so much they are a part of me. I understand this is different as they are grabbing the user:pass of certain people, but I'm sure with enough knowledge they could do ??? I know I could.
  • 0 Hide
    Anonymous , July 13, 2010 12:37 AM
    It said they want to take the database and other important information. The most important information that they would most likely be stealing is the customer list with all of the contact info included. They could take all of that and use it at another company... even with an NDA, no way to prove where they got it (if they are smart).
  • 6 Hide
    matt87_50 , July 13, 2010 12:50 AM
    "74% of IT professionals are bored out of their f*&$ing minds and have nothing better to do, the other 26% are incompetent."
  • 2 Hide
    manitoublack , July 13, 2010 12:52 AM
    What's not mentioned is that 26% of network admins are liars.
  • 3 Hide
    lostalaska , July 13, 2010 12:55 AM
    **sigh** at least they are shilling a product to fix this problem, what a coincidence! I'm feeling like they tweaked the hell out of the questions/data to get the numbers they wanted... Now let's all go buy their cyber-arc security systems and feel safer....
  • 1 Hide
    SAL-e , July 13, 2010 1:14 AM
    I call the assumptions made in this survey BS. If the info should be seen by person A, B and C, only person A, B and C should have access in the first place. If the IT has access and John's account has permission to see the data ... well he has permission and it can't be called snooping. Only other way is for the sys admin to crack the security measures and this takes far more time than "free time on the job" average sys admin has.

    The result of this survey really means that 70% of the networks have not been configured correctly. You don't need a survey for that, they just need to ask any Sys Admin to confirm it.

    And don't get your Sys Admin angry. It could cost you big time.
  • 4 Hide
    JMcEntegart , July 13, 2010 1:18 AM
    SAL-e: "I call the assumptions made in this survey BS. If the info should be seen by person A, B and C, only person A, B and C should have access in the first place. If the IT has access and John's account has permission to see the data ... well he has permission and it can't be called snooping. Only other way is for the sys admin to crack the security measures and this takes far more time than "free time on the job" average sys admin has. The result of this survey really means that 70% of the networks have not been configured correctly. You don't need a survey for that, they just need to ask any Sys Admin to confirm it. And don't get your Sys Admin angry. It could cost you big time."


    By your logic, because IT has access to the HR database (should something go wrong, they would of course need access to fix it), it's not snooping if they look at why so-and-so was off sick for depression for two months, or who's got maternity leave booked, or even look up home addresses and phone numbers for all employees.

    Likewise, most IT staff can tell you your password if you forget it; that doesn't mean they're entitled to check your emails, which may contain confidential client information, etc.
  • -3 Hide
    Pyroflea , July 13, 2010 1:47 AM
    This just means 26% of IT Pros are liars :D
  • 0 Hide
    Supertrek32 , July 13, 2010 2:17 AM
    "74 Percent of IT Pros Admit to Network Snooping"

    "The survey found that 64 percent of UK IT professionals admitted to accessing information not relevant to their role, while 74 percent of U.S."

    Thanks for the sensationalized headline. Snooping is definitely not the same as looking at something irrelevant. Facebook is irrelevant, but I wouldn't call that snooping by any means.
  • 4 Hide
    visa , July 13, 2010 2:27 AM
    As an IT consultant, I can say there's no good excuse for snooping around randomly on client networks.

    However, I'd also like to know how many end users bitch and moan that they should change their network password from "Password1". This is especially true of smaller businesses.
  • 0 Hide
    micr0be , July 13, 2010 2:47 AM
    trust is a weakness... remember that.
  • 0 Hide
    TheKurrgan , July 13, 2010 2:50 AM
    SAL-e: "I call the assumptions made in this survey BS. If the info should be seen by person A, B and C, only person A, B and C should have access in the first place. If the IT has access and John's account has permission to see the data ... well he has permission and it can't be called snooping. Only other way is for the sys admin to crack the security measures and this takes far more time than "free time on the job" average sys admin has. The result of this survey really means that 70% of the networks have not been configured correctly. You don't need a survey for that, they just need to ask any Sys Admin to confirm it. And don't get your Sys Admin angry. It could cost you big time."

    supertrek32: "74 Percent of IT Pros Admit to Network Snooping" "The survey found that 64 percent of UK IT professionals admitted to accessing information not relevant to their role, while 74 percent of U.S." Thanks for the sensationalized headline. Snooping is definitely not the same as looking at something irrelevant. Facebook is irrelevant, but I wouldn't call that snooping by any means.


    Do you have any concept of system administration? Let's break this down:
    Unix systems - root = god of all. There is no securing files from it at the *SYSTEM* level. Non administrated certificate based or 3rd party user encryption is the only way.
    Windows: Yes, you can "deny" the administrator from looking at files and what not.. however, SOMETHING has to access it for it functions, such as most network based backup systems that run as a user account that can see it, which IT Staff setup.
    Both of those items pointed out, a database requires setup and Maintenance. Whoever administers that will need access for at least that much, which gives them the ability to see everything.

    Bottom line, SOMEONE has to have the power to set up security measures, and therefore have the ability to turn them off or go around them. The only security "Measure" there can be is an audit log, which even then is set up by the administrator. As far as "snooping" goes, because it is done without changing anything, it's impossible to keep the sysadmin out, beyond the measures I indicated above, which means the system administrator won't be able to read the contents of the files, but also could cause issues with backup and other operations if there are shared files.
    I've gone through 10 years worth of audits, and ITIL + SOX all acknowledge this known limitation of security.
    Know what you're saying before you comment on it.
  • 0 Hide
    dEAne , July 13, 2010 2:51 AM
    Yeah but that's all natural for IT pros.
  • 4 Hide
    jsm6746 , July 13, 2010 3:02 AM
    don't piss off your IT guys...

    enough said...