Workplace Snooping and Data Theft on the Rise

Thirty-five percent of companies believe that their organisation's sensitive information has been given to competitors, according to a new survey.

Cyber-Ark Software's "Trust, Security and Passwords" global survey also found that 37 percent of IT professionals surveyed cited former employees as the mostly likely source of this loss.

However, human error followed second, with 28 percent of respondents saying this was the most likely cause, followed by 10 percent who believed that it was a result of an external hack, and 10 percent who cited the loss of a mobile device or laptop.

The IT security company questioned more than 400 senior IT administrators in the UK and US in the spring of 2010 for the fourth annual survey.

The survey found that the most popular sensitive information to be shared with competitors was the customer database (26 percent) and R&D plans (13 percent).

Cyber-Ark suggested that to address the vulnerabilities related to human error, companies need to deploy additional layers of control on sensitive data.

In addition, Cyber-Ark's survey found that IT professionals are increasingly using their privileges to access sensitive or confidential information. A total 41 percent of respondents admitted to abusing administrative passwords to do so, an increase from 33 percent in 2008 and 2009.

Furthermore, 67 percent of respondents admitted to having accessed information that was not relevant to their role, and the IT department was identified as the biggest culprit, with 54 percent saying that IT staff were most likely to snoop, with HR coming second at 11 percent.

Preference for the type of data that IT staff snooped on varied depending on geography, with 30 percent of UK respondents accessing HR records first, compared to 28 percent of US respondents, and 38 percent of US respondents choosing to sneakily access the customer database first, compared to just 16 percent of UK respondents.

However, firms are making it harder for IT staff to gain unauthorised access to sensitive data. The number of respondents who said they could circumvent their company's access controls had fallen from 77 percent in 2009 to 61 percent this year.

Despite this, insider sabotage had increased from 20 percent last year to 27 percent this year. And although 88 percent of IT professionals believed that their use of privileged accounts should be monitored, only 70 percent of firms try to do so.

Adam Bosnian, Cyber-Ark's executive vice-president of Americas and corporate development, said: "While we understand that human nature and the desire to snoop may never be something we can totally control, we should take heart that fewer are finding it easy to do so.

"It is the organisation's obligation to protect its sensitive information and intellectual property."

Subscribe to the Security Watch Newsletter

Comments