Survey shows recession dismissed IT staff will steal your secrets if you let them

If the looming  recession means redundancies at your workplace, exercise extreme caution when it comes to dismissing your IT guys - thats the stark warning from privileged identity management specialist firm Cyber-Ark.

Its annual survey into Trust, Security & Passwords amongst 300 IT security professionals has revealed that 88% of IT administrators, if laid off tomorrow, would steal valuable and sensitive company information. The target information includes the CEOs passwords, the customer database, R & D plans, financial reports, M & A plans and most importantly the companys list of privileged passwords.  Only 12% would be honest enough to leave empty handed.

The privileged password list provides the keys to unlock access to every piece of information thats on the network, of the 88% that said they would take valuable information with them a third of devious IT administrators would take the privilege password list which would give them access to all the other sensitive and valuable documents and information such as financial reports, accounts, salaries and other privileged and highly sensitive information. 

Most company directors are blissfully unaware of the administrative or privileged passwords that their IT guys have access to which allows them to see everything that is going on within the company. These privileged identities, which lie on hundreds of servers and applications, very rarely get changed as its often considered too much hassle. When people leave the organisation, they can often still access the network using these passwords to acquire an organisations most sensitive information says Udi Mokady Co-founder and CEO of Cyber-Ark. Our advice is secure the most privileged data, and routinely change and manage them, so that if an employees contract is terminated, whether sacked or made redundant, they cant maliciously play havoc inside the network or vindictively steal data for competitive or financial gain.

Intellectual property and industrial espionage is a real problem

Interestingly, one third of companies believe that industrial espionage and data leakage is rife with data being leaked out of their companies and going to their competitors or criminals, usually via powerful high gigabyte mobile devices such as USB sticks, iPods, Blackberrys and laptops or sent over email. A quarter of companies also admitted to suffering from internal sabotage and/or cases of IT security fraud happening in their workplace which shows just how prevalent IT security breaches are within most companies.

Sloppy habits when exchanging Privileged and Sensitive Information

The survey shows that IT security is a very genuine problem for most companies, and additionally, those responsible for securing the systems are often very sloppy when it comes to basic good housekeeping. According to the survey IT administrators who are often responsible for security, dont exchange or send information securely with 35% choosing to send sensitive or highly confidential information via email. . Furthermore, 35% of those surveyed use couriers to transport sensitive data (a system used by HMRC which sorely failed last year when the courier lost their disc) a system only marginally safe when the information is backed up and encrypted. Finally and astonishingly, 4% of the sample size actually use the postal system to send sensitive information!

A third of the most powerful passwords are still being put on post-it notes!

In spite of the billions that is currently spent on IT security systems to make them safe and protected, it is very hard to instil good working practices even amongst the very people who are responsible for setting IT security standards in their own companies with one third of IT administrators admitting to having written down privileged passwords on a post-it note.

A third of IT staff snoop at confidential data

The survey also found that one third of IT staff admitted to snooping around the network, looking at highly confidential information, such as salary details, M & A plans, peoples personal emails, board meeting minutes and other personal information that they were not privy to. They did this by using their privileged rights and administrative passwords to access information that is confidential or sensitive. 

Cash still being sent in the post

When the researchers flippantly asked the IT administrators if they had ever sent cash in the post a rather red-faced 12% admitted they had!

You can install the best security systems in the world, but if your staff do not respect the information they are entrusted with, then the information will definitely go astray just as the findings of this survey have illustrated. says Udi Mokady. 

Thats why we recommend companies secure their privileged identities and sensitive information in a digital vault just like a physical one - only giving individuals access to the information they actually need, when they need it. This can be audited so you can keep track of who is accessing what and where its going. Mokady concluded.

About Cyber-Ark

Cyber-Ark Software  is the leading provider of Privileged Identity Management (PIM) solutions for securing privileged user accounts and highly-sensitive information across the enterprise. Long recognized as an industry innovator for its patented Vaulting Technology, Cyber-Ark's digital vault products include: The Enterprise Password Vault for the secure management of administrative, application and privileged user passwords; the Inter-Business Vault, a secure infrastructure for cross-enterprise data exchange of highly-sensitive information, and the Sensitive Document Vault for secure storage and management of highly-sensitive documents.

Cyber-Ark's Vaulting platform has been tested by ICSA Labs, an independent division of Cybertrust and the security industry's central authority for research, intelligence, and certification testing of security products. Cyber-Arks award-winning technology is deployed by more than 400 global customers, including 100 of the worlds largest banks and financial institutions. 

Note: This survey was conducted at Infosecurity 2008- Europes largest IT security event

Comments (0)

Add a Comment

This thread has been closed from taking new comments.

Editorial: +44 (0)1892 536363
Publisher: +44 (0)208 440 0372
Subscribe FREE to the weekly E-newsletter