
IT professionals admit to snooping

By Guy Dixon
23 June 2008 07:41AM

One in three IT staff abuse administrative passwords to gain access to confidential data, according to a recent study.

The information includes salary details, personal emails and board-meeting minutes.

The survey of 300 IT professionals revealed that an additional 47 percent of IT staff had accessed information not relevant to their role.

Carried out by US information security company Cyber-Ark, the study also showed that privileged passwords get changed far less frequently than user passwords.

Only 30 percent of respondents said they change privileged passwords every quarter, while nine percent admitted to never changing them at all, giving ex-IT staff access to confidential company information.

Outdated and insecure methods of exchanging sensitive data are still employed, with 35 percent opting for email and a further 35 percent choosing couriers. Meanwhile, some four percent still depend on the postal system.

"All you need is access to the right passwords or privileged accounts and you are privy to everything that is going on within your company," said Cyber-Ark UK director Mark Fullbrook.

"For most people, administrative passwords are a seemingly innocuous tool used by the IT department to update or amend systems.

"To those 'in the know' they are the keys to the kingdom and wield a great deal of power if unprotected or fall into the wrong hands."

Copyright © 2008 vnunet.com

   


Comments: 3
I've found that Microsoft Admins are the worst culprits!
Posted by Tom, Jun 23, 2008 9:13 AM

The answer is simple. Use two-part passwords (each part submitted by a separate authorized person). This can be done even on the current setup. Perhaps some IT genius could devise a proper one.
Posted by Gecko, Jun 23, 2008 11:21 AM

On the surface, it appears to be a rather damning indictment of IT professionals --until you look at who conducted this "survey":

"Cyber-Ark® Software is the leading provider of Privileged Identity Management (PIM) solutions for securing privileged user accounts and highly-sensitive information across the enterprise."

http://www.cyber-ark.com/news-events/pr_20080619.asp

This isn't journalism. It is a blatant advertorial for a company that peddles its wares in that all too familiar US scare-mongering style (they have WMDs, reds under the bed, your sys admin knows you like to be spanked on the weekends and wear women's underwear to work).

Why not take aim at the security models of operating systems? No, that would hurt Cyber-Ark's bottom line. It's far easier to take cheap shots at IT professionals in the form of a puerile "press release."
Posted by Former Admin, Jun 24, 2008 7:50 PM