A recent study by Cyber-Ark has revealed that an increasing number of IT professionals are using their administrative powers to access information not relevant to their role.
Cyber-Ark surveyed 400 IT professionals about how they use their privileged accounts. The survey found that 64 percent of UK IT professionals admitted to accessing information not relevant to their role, while 74 percent of U.S. IT pros admitted to doing the same. Further, 41 and 40 percent (UK and U.S. respectively) admitted they had used their admin password to access information considered to be confidential or particularly sensitive.
The fact that 67 percent of UK respondents and 78 percent of U.S. respondents say their privileged accounts are monitored does barely anything to pacify concerns when Cyber-Ark reports that 53 percent (UK) and 74 percent (US) have the ability to get around controls put in place to monitor access.
Asked what they would take if they knew they were going to be fired in the morning, only 30 percent of UK respondents said nothing. The U.S. respondents seemed a little more loyal to their employers, with 64 percent saying they'd take nothing. Of the 70 percent of British and 36 percent of Americans who said they would take something, the most prominent choice was the database (16 percent in both countries). Also on the list were privileged passwords, the email server admin account, financial reports, the CEO's password and R&D plans.
Those surveyed said they believed the people working IT departments were most likely to snoop around the network.
Have you ever snooped around on the network at work? Let us know in the comments below!
Stay on the Cutting Edge
Join the experts who read Tom's Hardware for the inside track on enthusiast PC tech news — and have for over 25 years. We'll send breaking news and in-depth reviews of CPUs, GPUs, AI, maker hardware and more straight to your inbox.
70% said they'd steal data?????? O__oReply
Seems pretty ridiculous if you ask me, but I'm not an IT guy, so maybe they have their reasons.Reply
But ya, the amount that said they would steal data is no good at all.
It says "Among the stuff 70 percent of the British and 36 percent of Americans said they'd take was..."Reply
So, they would take data - personal emails, photos maybe? And some (an undisclosed number) said they'd take more.
Seems like a lot of FUD re: taking stuff. More information required.
And even though that percentage seems high, that doesn't even count the off shored outsourced data management company that got hired on to replace most IT staff cause it's cheaper.Reply
I laugh a bit about this. When I interned at my local cities IT dept as a college student they foolishly gave me the default admin (both to the machine and network) user name and password. Its set up so that the city has one user name, while the Police have a name one digit higher. Fire is one digit higher, while the water dept has the highest numbered user name. (password never changes) I wouldn't have to steal these names as I had to use them so much they are a part of me. I understand this is different as they are grabbing the user:pass of certain people, but I'm sure with enough knowledge they could do ??? I know I could.Reply
It said they want to take the database and other important information. the most important information that they would most likely be stealing is the customer list with all of the contact info included. they could take all of that and use it at another company...even with an NDA, no way to prove where they got it( if they are smart).Reply
"74% of IT professionals are board out of their f*&$ing minds and have nothing better to do, the other 26% are incompetent."Reply
what's not mentioned is that 26% of network admins are lairs.Reply
**sigh** at least they are shilling a product to fix this problem, what a coincidence! I'm feeling like they tweaked the hell out of the questions/data to get the numbers they wanted... Now lets all go buy their cyber-arc security systems and feel safer....Reply
I call the assumptions made in this survey a BS. If the info should be seen by person A, B and C only person A, B and C should have access on the first place. If the IT has access and the John's account has permission to see the data ... well he has permission and it can't be called snooping. Only other way is for the sys admin to crack the security measures and this takes far more time then "free time on the job" average sys admin has.Reply
The result of this survey really means that 70% of the networks has not been configured correctly. You don't need survey for that they just need to ask any Sys Admin to confirm it.
And don't get your Sys Admin angry. It could cost you big time.