Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
Despite the rise in high-profile data leaks over the past year, the survey of 400 IT administrators found that 35 per cent had abused their admin rights, up slightly from 33 per cent in the same survey a year ago.
The most common information being accessed is HR records, followed by customer databases, merger and acquisition (M&A) plans, redundancy lists and marketing information.
Cyber-Ark's 2009 Trust, Security & Passwords report also identified a dramatic rise in the number of respondents who would take proprietary data and information with them if they were fired, as well as a change in the type of information they would take.
The survey found a six-fold increase in the number of staff who would take financial reports or M&A plans, and a four-fold increase in those who would take chief executives' passwords, and research and development (R&D) plans. Other targets included customer databases, email server admin accounts and privileged password lists.
Although most companies appear to have some sort of monitoring of privileged account access and activity, three-quarters of respondents claimed that they could get round them if they wanted to.
"This survey shows that, while most employees claim that access to privileged accounts is currently monitored, and an overwhelming majority support additional monitoring practices, employee snooping on sensitive information continues unabated," said Udi Mokady, chief executive at Cyber-Ark.
"Unauthorised access to information such as customer credit card data, private personnel information, internal financial reports and R&D plans leaves a company vulnerable to a severe data leak with the risk of financial or regulatory exposure and damage to its brand, or competitors obtaining critically important competitive information."
The research also revealed that one in five companies admitted to having been the victim of some kind of insider sabotage or IT security fraud. Over a third of these suspect that their competitors have received highly sensitive information or intellectual property as a result.
"Businesses must wake up and realise that trust is not a security policy. They have an organisational responsibility to lock down sensitive data and systems, while monitoring all activity even when legitimate access is granted," concluded Mokady.
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.