Survey: Businesses snooped on by ex-employees, IT staff
A new Cyber-Ark survey finds many IT pros believe their companies are being snooped on more frequently, with some of the snooping being done by IT itself.
Many IT folks think snooping is on the rise at their companies. They may know best since they're the ones doing some of the snooping, at least according to survey results released Wednesday by Cyber-Ark.
To put together its fourth annual "Trust, Security and Passwords" (PDF) survey, security vendor Cyber-Ark said it questioned more than 400 IT professionals across the U.S. and the U.K., mostly from enterprise-size businesses.
Among those surveyed, 67 percent admitted that they accessed confidential information not relevant to their jobs. In nominating the department most likely to snoop, 54 percent pointed the finger at IT due to the group's power and responsibility in maintaining multiple computer systems throughout their companies.
The 67 percent who tagged their own IT groups marked an increase from the 35 percent who did the same last year and the 47 percent in 2008. But other departments didn't get off the hook. Among the IT admins surveyed, 11 percent chose Human Resources as the department tops on the snooping list, followed by administrative assistants.
Even further, 41 percent of the IT folks questioned confessed to abusing administrative passwords to check out sensitive or confidential information, a rise from 33 percent from the last two years. Those in the U.S. said they were most interested in seeing the customer database, while people in the U.K. wanted to peep at their internal HR records.
Beyond just internal snooping out of curiosity, some confidential data may also be landing in the hands of the competition, according to Cyber-Ark. Among the IT pros surveyed, 35 percent said they believe highly-sensitive information is being turned over to competitors. Out of those, 37 percent fingered disgruntled ex-employees as the likely source of the breach, followed by 28 percent who blamed human error. External hacking and the loss of a mobile computer were also on the list, each at 10 percent.
The most common types of files grabbed by competitors were the customer database in 26 percent of the cases and R&D plans in 13 percent.
Though internal snooping and data theft may be on the rise, many companies are trying to set up stronger controls to prevent them, according to the survey. Such controls may slowly be doing the trick, as 61 percent of IT folks said they could sneak past those controls, a decline from 77 percent who said that last year.