News

Insider Snooping Becoming More Common

Thomas Claburn
Editor-at-Large
See more from Thomas
Connect directly with Thomas: Bio  |  Contact

In a survey, most respondents acknowledged being able to circumvent security access controls at their workplace.

Thomas Claburn | June 11, 2009 07:00 AM

To a hammer, everything looks like a nail. And to an information security company, everyone looks like a thief.

In its third annual survey of IT professionals, Newton, Mass.-based security information company Cyber-Ark has found that more than a third of IT personnel have used their IT admin powers to access sensitive corporate information without authorization.


More Security Insights

Webcasts

More >>

White Papers

More >>

Reports

More >>

The 400-person survey also found that almost three out of four respondents acknowledged being able to circumvent information access controls at their workplace. This isn't entirely surprising given that these same IT admins probably had a hand in setting up or maintaining these controls.

And really, there's something breathless about such findings. A similar percentage of respondents would probably acknowledge being able to stab co-workers with a pen. But being able to do so isn't the same as possessing an interest in doing so or exercising that ability.

According to Cyber-Ark, the recent economic decline has coincided with an increase in the number of respondents who say that they would take corporate data with them if they were fired. When respondents were asked "What would you take with you," six times as many (47%) as in 2008 said they would take financial reports or merger and acquisition plans, and four times as many (46%) as in 2008 said they'd take CEO passwords and R&D plans.

It may be however that a survey question of this sort amounts to push-polling -- asking a question to elicit a particular response. Asking "What would you take with you" presumes a willingness to steal that may not exist and makes the act of stealing seem like an expectation.

Certainly, there's a risk from insiders, particularly among those who've been fired. The survey notes that 1 in 5 companies acknowledged being affected by insider sabotage or IT security fraud. The risk is real. But there's risk, too, in believing your IT staff is out to get you.


InformationWeek Analytics has published an independent analysis on what executives really think about security. Download the report here (registration required).
About The Author
Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired Continued
See more from Thomas
Connect directly with Thomas: Bio  |  Contact

Related Reading

News

Commentary

Most Popular

On the Web

More On the Web»

Video

Slideshow

Informationweek Discussions

Start the Discussion


InformationWeek encourages readers to engage in spirited, healthy debate, including taking us to task. However, InformationWeek moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. InformationWeek further reserves the right to disable the profile of any commenter participating in said activities.

Disqus Tips To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.
Subscribe to RSS

Resource Links