Snooping, the unauthorized use of access privileges to view sensitive or confidential data within an organization, is on the rise, according to Cyber-Ark Software’s fourth annual “Trust, Security and Passwords” survey of senior IT professionals in the US and UK.
Forty-one percent of the more than four hundred respondents confessed to abusing administrative passwords in order to snoop on their colleagues – up from 33 percent in both 2008 and 2009. US respondents targeted customer databases first (38 percent versus 16 percent in the UK) with HR records most alluring to UK respondents (30 percent versus 28 percent in the US).
The good news is that organizations are trying harder to curb snooping and are installing stronger controls to prevent these incidents. It’s working. In 2009, 77 percent of respondents said they could circumvent controls on snooping. This year, the figure was down to 61 percent.
The survey found that 67 percent of respondents admitted having accessed information that was not relevant to their role. When asked which department was more likely to snoop and look at confidential information, more than half (54 percent) identified IT, a natural choice given that group’s power and broad responsibility for managing multiple systems across the organization.
Customer Lists and R&D Plans
At the macro, company-to-company level, 35 percent of respondents believe their company’s highly sensitive information has been handed over to competitors. Ex-employees were cited as the most likely culprits.
The next most likely cause was human error, at 28 percent. External hacks and loss of mobile devices or laptops tied for third at 10 percent. The most likely types of information to end up in competitors’ hands were customer databases (26 percent) and R&D plans (13 percent).