Security Pros Sneak a Peek of Corporate Data

Wednesday, October 18, 2017 @ 12:10 PM gHale


IT security professionals often will access information that does not pertain to their day-to-day work, a new report found.

When asked if their company’s employees ever attempt to access information that is not necessary for their day-to-day work, 92 percent said it happens and 23 percent said it happens frequently. There are no major differences based on region or the size of the company.

RELATED STORIES
DDoS Attacks Double in Year
Utility Execs Fear Grid Attacks: Report
Spam Rate Down a Bit for Month
Manufacturing Open to Attacks: Report

That was just one one of the results from the Dimensional Research report that polled more than 900 IT security professionals on behalf of One Identity. The respondents were from various types of companies in the United States, the United Kingdom, Germany, France, Australia, Singapore and Hong Kong, with at least 500 employees.

Just about two-thirds of the IT security pros taking part in the survey admitted snooping themselves, although 51 percent said they rarely do it. Professionals from the U.S. seem to snoop the least (50 percent) while ones in Germany snoop the most (80 percent).

Executives appear to pry the most with 71 percent saying they take a look, followed by managers at 68 percent and other members of the IT security team at 56 percent.

Globally, one in three IT security professionals who took part in the survey said they accessed sensitive information about their company’s performance, despite not being required to do so as part of their job.

Executives and managers are more likely to look at company performance data compared to non-managers.

Cybersecurity professionals working in the technology sector are most likely to look for data on their organization’s performance, the report said.

“While insider threats tend to be non-malicious in intent, our research depicts a widespread, intrusive meddling from employees when it comes to information that falls outside their responsibility — and it could be that meddling that ends up putting their employers in hot water,” said John Milburn, president and general manager of One Identity.

“Without proper governance of access permissions and rights, organizations give employees free reign to move about the enterprise and access sensitive information like financial performance data, confidential customer documentation, or a CEO’s personal files. If that information winds up in the wrong hands, corporate data loss, customer data exposure or compliance violations are possible risks that could result in irreversible damage to the business’s reputation or financial standing,” Milburn said.

Key findings related to IT security professionals’ behavior in a nutshell:
• Company performance information is a hot commodity: More than one in three (36 percent) of IT pros admit to looking for or accessing sensitive information about their company’s performance, apart from what is required to do for their job.
• IT security executives are the guiltiest by level: Seventy-one percent of executives admit to seeking out extraneous information, compared to 56 percent of non-manager-level IT security team members. Additionally, 45 percent of executives admit to snooping for or accessing sensitive company performance information specifically, compared to just 17 percent of non-manager team members.
• The smaller the company, the bigger the snoop: Thirty-eight percent of IT security professionals at companies with 500-2,000 employees admit to looking for or accessing sensitive performance data, versus 29 percent of professionals at companies with more than 5,000 employees.
• Workers in technology companies most likely to go on a sensitive information hunt: Forty-four percent of respondents working for technology companies admit to searching for sensitive company performance information, compared to 36 percent in financial services, 31 percent in manufacturing, and just 21 percent in healthcare.



Leave a Reply

You must be logged in to post a comment.