Are your IT folks snooping your protected data?

Security professionals access sensitive information, study finds

In a survey of IT professionals published Wedneday, 67% of respondents admitted having accessed information that was not relevant to their role, and 41% admitted abusing administrative passwords to snoop on sensitive or confidential information.

The survey, entitled "Trust, Security and Passwords," was conducted by security firm Cyber-Ark Software, which earlier this spring asked 400 IT professionals from the United States and the United Kingdom several questions about snooping. The firms says the survey was conducted during the RSA Security Conference 2010 and the Infosecurity Europe 2010 Conference.

What would your ultimate network security look like?

About 245 IT professionals participating in that survey answered the questions: "Have you ever accessed information on a system that was not relevant to your role?" and "Have you or any of your colleagues used the admin password to get at information that is otherwise confidential or sensitive?"

It turns out those unauthorized practices involving snooping at data were fairly common, and in addition, 56% of the survey respondents in the United Kingdom and 74% in the United States believed they can get around any controls that have been put in place to monitor privileged access.

However, despite the rise in confessed snooping since Cyber-Ark conducted a similar survey last year, fewer IT professionals this year said they believe they can circumvent controls.

When asked about snooping in their organizations, 54% of the respondents indicated they regarded the IT department as the department far "more likely to snoop around the network and look at confidential information" in comparison to those in other occupations, including accountants, managers, secretaries, marketing, sales and human resources.

Out of 392 respondents, a small number even said they would likely abscond with a database, financial reports, R&D plans or the CEO's password if they were told they "were going to be fired tomorrow".

Learn more about this topic

Revealing the cracks in provisioning

A year after Terry Childs case, privileged user account problem grows

A down economy increases threat of data walking out the door
Join the discussion
Be the first to comment on this article. Our Commenting Policies