IT staff may be a primary source of
data leakage, according a survey of 300 IT professionals at the
recent Infosecurity exhibition in London.
One-third of those questioned said they used their administrator
passwords and privileges to look at confidential company
information. This included salary details, merger and acquisition
plans, personal e-mails, board meeting minutes and other pieces of
personal information. Some 47% said that they had accessed
information that was not relevant to their role.
The survey is part of ongoing research by IT security firm
Cyber-Ark into industries'
information access and control procedures.
Researchers reported that privileged passwords are changed less
often than user passwords. They found 30% change once a quarter and
9% never get changed.
Half of IT administrators do not need authorisation to access
privileged accounts. This shows a general lack of control of these
power identities and indeed understanding over the power that these
privileges command, said Mark Fullbrook, UK director of
Cyber-Ark.
Data exchanges were also vulnerable. One in three e-mail
sensitive data, 35% send it via courier, 22% use FTP and 4% still
use the postal system. And 12% of these senior IT staff also chose
to send cash in the post.