IT Security News and Opinion
Thursday May 23rd 2013
Auto Discovery Webinar

39% of IT Staff Can Get Unauthorized Access to Sensitive Data

If there’s one thing we enjoy here at Identity Week, it’s conducting anonymous surveys to learn what’s really going on down at the admin level in IT shops around the world.

Here’s what we found out from our latest one: 39% of IT admins claim that they can get unauthorized access to the most sensitive information in their organizations – including the CEO’s private documents. (Yes, we phrased that question specifically to mention CEOs).

If that doesn’t sound scary enough, as the headline of this post notes, one in five respondents assert that they’ve already accessed data they shouldn’t have.

So what does this mean at a more practical level? We asked this question – “If you thought your job was at risk would you use your admin rights to get access to layoff lists and other valuable or sensitive information?” More than one in ten (11%) answered yes.

And when asked if senior management would even know how to stop them from taking sensitive information, more than two-thirds (69%) of our IT admin respondents replied no.

We conducted this most recent survey among approximately 450 IT professionals in both North America and Europe. Respondents came from organizations of all size – though more than half (55%) work in places with more than 1,000 employees.  We don’t ask any identifying questions when we do these surveys because we want people to feel that by being anonymous, they can also be honest.

These results don’t surprise me in the least. I’ve spent many years now in the IT security industry, focusing on ways to secure privileged account passwords (admin, root, etc.) that grant IT admins anonymous access to systems and applications throughout the network.

Not only do these credentials give IT professionals super user access, but it’s access that generally isn’t audited. So there’s no who-did-what-and-when forensics available when configuration settings are modified or when sensitive data is breached. And this doesn’t apply exclusively to current employees. If privileged account passwords aren’t frequently changed, you better believe former employees and contractors still have access.

Don’t expect this type of insider threat to change until executive management steps forward and demands that controls be placed over privileged account access.

If you want more details on this survey, have a look at our 2012 Security Survey page.

What do you think about these results? Agree, disagree? Let us know in the comments section. You can also follow me on Twitter: @liebsoft or connect with me via LinkedIn.

 

FacebookTwitterLinkedInDeliciousTechnorati FavoritesDiggBlogger PostGoogle ReaderShare
Post Published: 12 September 2012
Author: Admin
Found in section: Latest IT News, Security Best Practices, Technology News

Tags: , , ,

Previous Topic:
Next Topic:

Leave a Reply


+ seven = 9

Follow Us

    Follow us on Twitter            Follow us on LinkedIn

  Visit our YouTube Page              Identity Week RSS Feed
Visit the Lieberman Software Website

Archives

Recent Comments

Tags

Administrator Password Application-to-Application Credentials Application Security Cloud Computing Cloud Security CSO cyber-attacks cyber attack Cyber Security data breach Data Breaches Datacenter Security Data Security default password disaster recovery enterprise security Governance Risk and Compliance hacktivism Identity Management insider threat Insider Threats Internet security IT Audit IT Auditing Compliance Reports IT Marketplace IT Outsourcing IT security IT Security Threats online privacy Password Security PCI-DSS Compliance privileged account credentials privileged account management privileged accounts Privileged Identities privileged identity management regulatory compliance RSA Securing Legacy Applications Security Management SIEM smart card smartphone security stolen credit card Stuxnet