Thursday, September 4

Cyber-Ark Study: 88% of IT admins would steal

From the press release:
Of the 88 percent that said they would take valuable information with them, one third of devious IT administrators would take the privilege password list which would give them access to all the other sensitive and valuable documents and information such as financial reports, accounts, and HR records.
Also:
The survey also found that one third of IT staff admitted to snooping around the network, looking at highly confidential information, such as salary details, M & A plans, people's personal emails, board meeting minutes and other personal information that they were not privy to. They did this by using their privileged rights and administrative passwords to access information that is confidential or sensitive.
I guess if you're hiring an IT admin, you might ask if they participated in the Cyber-Ark study and if so, there's an 88% chance that you shouldn't hire them. I know the criticism about surveys like this, but is it really that hard to believe? Seems like human nature to me.

1 comment:

Rafal Los said...

You're 100% correct, that's just human nature. Look at the high-profile cases from (recently) San Francisco, and way-back from that financial firm where the admin went rogue and locked everyone out...

This is human nature to retaliate, and it only serves to prove to us that we need to add more focus on separation of duties. There is no reason that a Security Admin should have access to sensitive information... if permissions and roles are provisioned properly... right?