The target information included the CEO’s passwords, the customer database, R & D plans, financial reports, M & A plans and most importantly the company’s list of privileged passwords, which over a third said they would take.
“Most company directors are blissfully unaware of the administrative or privileged passwords that their IT guys have access to which allows them to see everything that is going on within the company. These privileged identities, which lie on hundreds of servers and applications, very rarely get changed as it’s often considered too much hassle,” said Udi Mokady, chief executive of security firm Cyber-Ark.
“Our advice is secure the most privileged data, and routinely change and manage them, so that if an employee’s contract is terminated, whether sacked or made redundant, they can’t maliciously play havoc inside the network or vindictively steal data for competitive or financial gain.”
Over a third of administrators also admitted to using privileged passwords to snoop on the network, looking up salaries and other personnel details as well as confidential business information and the web viewing habits of other staff.
The survey also showed alarmingly poor levels of security practice among administrators.
Over a third admitted to writing passwords on Post-it notes and leaving them on monitors, 35 per cent sending confidential information via unencrypted email and four per cent trusting it to the post.
IT administrators admit they’d steal data
By Iain Thomson on Aug 28, 2008 4:08PM