Survey Reveals Scandal of Snooping IT Staff A third of IT staff secretly peek at confidential data

June 19, 2008 - Whilst you sit there innocently working away, little do you realise that a third of your IT colleagues have been snooping around the network, looking at highly confidential information, such as salary details, M & A plans, people's personal emails, board meeting minutes and other personal information. That's the findings of a survey released today by Cyber-Ark® Software, specialists in digital vaulting solutions, who carried out the research at the recent Infosecurity Expo 2008, amongst 300 senior IT professionals (mainly from companies employing over 1000+ employees), as part of their annual survey into "Trust, Security and Passwords". One third of the survey sampled admitted to using their privileged rights to access information that is confidential or sensitive by using the administrative passwords as a means of peeking at information that they are not privy to.Ever wonder what your IT department is up to?When asked if they had accessed information that was not relevant to their role 47% admitted they had!Mark Fullbrook, UK Director of Cyber-Ark says "When it comes down to it, IT has essentially enabled snooping to happen! It's easy - all you need is access to the right passwords or privileged accounts and you're privy to everything that's going on within your company. Gone are the days when you had to photocopy sheets of information with your customer database on it, or pick the lock to the salaries drawer! In some organisations there is little understanding or lack of controls in place to manage workers access to systems. For most people, administrative passwords are a seemingly innocuous tool used by the IT department to update or amend systems. To those "in the know" they are the keys to the kingdom and if unprotected or fall into the wrong hands wield a great deal of power. This could include highly sensitive information such as merger plans, the CEO's emails, company accounts, marketing plans, legal records, R & D plans etc."Privileged Passwords Rarely Get ChangedEven more worrying is the fact that privileged passwords get changed infrequently and often a lot less than user passwords. Thirty percent get changed every quarter and a staggering 9% never get changed, giving access indefinitely to all those who know the passwords, even when they've left the organisation.Who's managing the Privileged Passwords?Half of IT administrators do not have to get authorisation to access privileged accounts which shows a general lack of control of these power identities and indeed understanding over the power that these privileges command.Majority are sloppy at handling and exchanging sensitive dataSeven out of 10 companies rely on out-dated and insecure methods to exchange sensitive data when it comes to passing it between themselves and their business partners with 35% choosing to email sensitive data, 35% sending it via a courier, 22% using FTP and 4% still relying on the postal system. This shouldn't be any big surprise when you learn that 12% of these senior IT personnel who were interviewed also choose to send cash in the post!Fullbrook continues "As we have seen many use their privileged passwords without having to seek authorisation, and if the price is right what's stopping them from choosing to trade information to the highest bidder. Companies need to wake up to the fact that if they don't introduce layers of security and tighten up who has access to vital information, by managing and controlling privileged passwords, snooping, sabotage and hacking will continue."For more information about this survey or to interview Cyber-Ark on their findings contact Yvonne Eskenzi on 020 71832 832 or email Yvonne@eskenzipr.comAbout Cyber-ArkCyber-Ark® Software is a leading provider of Privileged Identity Management (PIM) solutions for securing privileged user accounts and managing sensitive information across the enterprise. Long recognized as an industry innovator for its patented Vaulting Technology®, Cyber-Ark's Digital Vault products include: The Enterprise Password Vault® for the secure management of administrative, application and privileged user passwords; the Inter-Business Vault®, a Managed File Transfer solution for cross-enterprise data exchange, and the Sensitive Document Vault, secure repository for protecting and sharing sensitive documents. Cyber-Ark's Vaulting platform has been tested by ICSA Labs, an independent division of Cybertrust, and the security industry's central authority for research, intelligence, and certification testing of security products. Cyber-Ark's award-winning technology is deployed by more than 500 global customers, including 100 of the world's largest banks and financial institutions. Headquartered in Newton, MA, Cyber-Ark has offices and authorized partners in North America, Europe and Asia Pacific. For more information, visit

Thursday, June 19, 2008 - 10:00