More than a third of IT administrators abuse their privileged access to IT systems to download confidential data such as board meeting minutes, redundancy lists, and marketing strategies, a new survey has discovered.
The poll by data security firm Cyber-Ark found that 35% of senior IT professionals in the UK and the US admit to snooping, while nearly three quarters (74%) said they could access information not relevant to their role if they wanted to do so.
This is compared to the 33% of IT professionals who confessed to snooping in last year’s poll.
Nearly half of the 400 IT professionals polled said if they were fired they would steal the firm’s CEO password or research and development plans.
“Employee snooping on sensitive information continues unabated,” said Udi Mokady, Cyber-Ark CEO.
“Unauthorised access to information such as customer credit card data, private personnel information, internal financial reports and R&D plans leaves a company vulnerable to a severe data leak,” Mokady added.
“Businesses must wake up and realize that trust is not a security policy; they have an organizational responsibility to lock down sensitive data and systems, while monitoring all activity even when legitimate access is granted.”
One in five firms has been the victim of insider sabotage of IT security fraud, Cyber-Ark said.