Insider Snooping Still Serious Security Issue, Survey Finds

Last year's Cyber-Ark "Trust, Security & Passwords" survey revealed that one-third of IT staff used their IT administration rights to access privileged or confidential data, including human resources records, layoff lists, merger and acquisition plans, and customer databases. Behavior hasn't changed much according to results from this year's survey.

"Despite a sharp rise in data breaches and increased media awareness on the subject, the third annual Cyber-Ark survey reveals that 35 percent of IT workers now admit to accessing corporate information without authorization, while 74 percent of respondents stated that they could circumvent the controls currently in place to prevent access to internal information," according to Cyber-Ark.

The global survey polled over 400 senior IT professionals in the United States and the United Kingdom, primarily enterprise-class companies.

The survey reveals what type of information (and how much of that data) employees are interested in taking if they are fired. This year's survey reports "a sharp increase in the number of respondents who say they would take proprietary data and information that is critical to maintaining competitive advantage and corporate security."

For security managers, an ever more alarming result is the six-fold increase in staff "who said they would take financial reports or merger and acquisition plans." Staff who would take CEO passwords and research and development plans also climbed, increasing four-fold since last year.

Here's what employees would most likely steal:

Type of Information



Customer Database



E-mail Server Admin Account



M&A Plans



Copy of R&D Plans



CEO's Password



Financial Reports



Privileged Password List  



Also worrisome: one company in five admits having experienced "cases of insider sabotage or IT security fraud." Of those, "36 percent suspect that their competitors have received their company's highly sensitive information or intellectual property."

Organizations know about the problem. Seventy-one percent of respondents indicated that privileged accounts are monitored somewhat; of these, 91 percent of those being monitored accept their employer's monitoring activities.

Despite such understanding, nearly three-quarters of respondents (74 percent) say that they could still circumvent such monitoring. Further highlighting the ineffectiveness of an enterprise's controls and access policies, more than a third (35 percent) of IT administrators confessed to using their administration rights to look at confidential or sensitive information. They most often access "HR records, followed by customer databases, M&A plans, layoff lists and, lastly, marketing information."

"This survey shows that while most employees claim that access to privileged accounts is currently monitored and an overwhelming majority support additional monitoring practices, employee snooping on sensitive information continues unabated. Unauthorized access to information such as customer credit card data, private personnel information, internal financial reports and R&D plans leaves a company vulnerable to a severe data leak with the risk of financial or regulatory exposure and damage to its brand, or competitors obtaining critically important competitive information," said Udi Mokady, CEO of Cyber-Ark, in a prepared statement.

The full survey can be downloaded in PDF form here; registration is required for access.

About the Author

Jim Powell is president and CEO of Daisytek International Corporation. He can be contacted at 972-881-4700 or [email protected].


  • Image of a futuristic maze

    The 2024 Microsoft Product Roadmap

    Everything Microsoft partners and IT pros need to know about major Microsoft product milestones this year.

  • SharePoint Embedded Becomes Generally Available

    After a six-month preview, SharePoint Embedded, an API-based version of SharePoint that developers and ISVs can use to embed Microsoft 365 capabilities into their apps, is now generally available.

  • Copilot in Microsoft 365 Getting Agents, Extensions and Team (Not Teams) Support

    Microsoft is adding more functionality to its Copilot AI assistant aimed at improving business collaboration, processes and workflows for Microsoft 365 users.

  • Microsoft Giving Startups Templates To Build AI Apps

    A new perk for businesses enrolled in the Microsoft for Startups Founders Hub program aims to fast-track their ability to build AI-powered applications.