IT staff stealing company secrets

London, UK – More than a third of senior IT workers in the UK and US are snooping at work, according to a survey.

According to the third annual Cyber-Ark poll, 35 percent of IT staff have used their IT administration rights to snoop around networks to access privileged, corporate information. Most of the rest reckoned they could if they wanted, with 74 percent stating that they could circumvent the controls currently in place to prevent access to internal information. 
 
The most common areas respondents indicated they access are HR records, followed by customer databases, merger and acquisition plans, redundancy lists and lastly, marketing information. The problem exists both sides of the pond: “There was very little difference between the States and ourselves,” said a spokeswoman.

Perhaps because of the worsening economic situation, respondents said they would take more information with them if they were fired than they did in last year’s survey. When asked this year “What would you take with you?” the survey found a six-fold increase in staff who said they would take financial reports or merger and acquisition plans, and a four-fold increase in those who would take CEO passwords and research and development plans.
 
A fifth of companies admitted having experienced cases of insider sabotage or IT security fraud.  Of those companies, 36 percent suspect that their competitors have received highly sensitive information or intellectual property.
 
“This survey shows that while most employees claim that access to privileged accounts is currently monitored and an overwhelming majority support additional monitoring practices, employee snooping on sensitive information continues unabated,” said Udi Mokady, CEO of Cyber-Ark.


Those surveyed said they would steal the following types of information.

Type of Information 2009 2008
Customer database 47% 35%
Email Server admin account 47% 13%
M&A plans 47% 7%
Copy of R&D plans 46% 13%
CEO’s password 46% 11%
Financial reports 46% 11%
Privileged password list 42% 31%