One in four IT security staff abuse admin rights, survey shows

At least one in four IT security staff use their privileged login rights to look at confidential information, a survey has revealed.

More than a quarter of the 300 IT professionals polled in the latest annual password survey by identity management firm Lieberman Software said they could not resist peeking at redundancy lists, payroll information and other sensitive data including, for example, Christmas bonus details.

The survey also showed that a fundamental lack of IT security awareness in enterprises, particularly around password control and privileged logins, is potentially paving the way for a further wave of data breaches in 2012.

Some 42% of respondents said that IT staff in their organisations are sharing passwords or access to systems or applications, 26% said that they were aware of an IT staff member abusing a privileged login to illicitly access sensitive information, and 48% said their companies are still not changing their privileged passwords within 90 days as required by most major regulatory compliance mandates.

“Our survey shows that senior management at some of the largest organisations are still not taking the management of privileged access to their most sensitive information seriously,” said Philip Lieberman, president and chief executive officer of Lieberman Software.

Where there is unsupervised, unaudited and unauthorised access to bonus information, IT security is seriously flawed, he said.

Organisations that fail to manage privileged access to systems could end up in the same situation as UBS AG, which lost $2.3bn because rogue trader Kweku Adoboli was allowed unfettered access to their systems, said Lieberman.

“These fundamentally careless practices and procedures revealed by the IT departments of the organisations we surveyed could cost them dearly in 2012,” he said.

Privileged accounts hold elevated permission to access files, install and run programs, and change configuration settings. Their misuse is a major reason for data leakage, said Lieberman.

Didn't know that the problem was so serious. But, it could be prevented by implementing a remote access management strategy. I recently read an interesting whitepaper about how single-sign-on could prevent such breaches.


There is a quote I am reminded of that others will do it, if they can
and perhaps I mean the wrong things too. One way to monitor all the
employees in office including the IT personnel is SniperSpy for Windows
and Mac.