Whilst you sit there innocently working away, little do you realize that a third of your IT colleagues have been snooping around the network, looking at highly confidential information, such as salary details, M & A plans, people’s personal emails, board meeting minutes and other personal information.
That’s the findings of a survey released today by Cyber-Ark Software who carried out the research amongst 300 senior IT professionals (mainly from companies employing over 1000+ employees), as part of their annual survey into “Trust, Security and Passwords”. One third of the survey sampled admitted to using their privileged rights to access information that is confidential or sensitive by using the administrative passwords as a means of peeking at information that they are not privy to.
When asked if they had accessed information that was not relevant to their role 47 percent admitted they had!
Even more worrying is the fact that privileged passwords get changed infrequently and often a lot less than user passwords. Thirty percent get changed every quarter and a staggering 9 percent never get changed, giving access indefinitely to all those who know the passwords, even when they’ve left the organization.
Half of IT administrators do not have to get authorization to access privileged accounts which shows a general lack of control of these power identities and indeed understanding over the power that these privileges command.
Seven out of 10 companies rely on out-dated and insecure methods to exchange sensitive data when it comes to passing it between themselves and their business partners with 35 percent choosing to email sensitive data, 35 percent sending it via a courier, 22 percent using FTP and 4 percent still relying on the postal system. This shouldn’t be any big surprise when you learn that 12 percent of these senior IT personnel who were interviewed also choose to send cash in the mail.