- 19 October 2017 09:03
One Identity Research Exposes Major Problem with Employees Snooping on the Corporate Network
The survey, conducted by Dimensional Research, polled more than 900 IT security professionals on trends and challenges related to managing employee access to corporate data. Among key findings, a remarkable 83 percent of Australian respondents report that employees at their organisations try to access information that is not necessary for their day-to-day work – with 16 percent admitting this behaviour happens frequently.
Most alarmingly, the report indicates that IT security professionals themselves are among the worst offenders of corporate data snooping. In Australia alone, 65 percent of respondents admit to having accessed sensitive information that is not necessary for their day-to-day work -- indicating ongoing abuse of elevated rights attributed to the IT security role. Other findings related to IT security professionals’ shocking snooping behaviour include:
● Company performance information is a hot commodity: In Australia more than 20 percent of IT pros admit to looking for or accessing sensitive information about their company’s performance, beyond what is required to do their job.
● IT security executives are the guiltiest by level: Seventy-one percent of executives admit to seeking out extraneous information, compared to 56 percent of non-manager-level IT security team members. Additionally, 45 percent of executives admit to snooping for or accessing sensitive company performance information specifically, compared to just 17 percent of non-manager team members.
● The smaller the company, the bigger the snoop: Thirty-eight percent of IT security professionals at companies with 500-2,000 employees admit to looking for or accessing sensitive performance data, versus 29 percent of professionals at companies with more than 5,000 employees.
● Workers in technology companies most likely to go on a sensitive information hunt: Forty-four percent of respondents working for technology companies admit to searching for sensitive company performance information, compared to 36 percent in financial services, 31 percent in manufacturing, and just 21 percent in healthcare.
“Even though the majority of threats Australian organisations face due to their own employees tend to not be of malicious intent, the research shows a large amount of intrusive examining of information from employees when the data is outside of their responsibility. In reality, it could be that bit of intrusive meddling that puts organisations in a dilemma,” said Richard Cookes, Country Manager ANZ, One Identity.
“Without proper authority of access permissions and rights, employees have a free-for-all to move about the business and access sensitive information such as financial performance data, confidential customer documents, or an executive’s personal files. If that valuable information ends up in the wrong hands, corporate data loss, customer data exposure or compliance violations are possible risks facing organisations that could result in irreversible damage to the business’s reputation or financial standing. The concern this should highlight is that organisations are very open to social engineering attacks where someone might join a company legitimately to attack it from within versus an external frontal assault. This makes protection of privileged access systems and applications from within even more important.”
Managing Snooping & Other Access-based Threats
Results released today reinforce a general finding prevalent within One Identity’s Global State of IAM Study: Companies are not adhering to basic identity and access management (IAM) best practices. In the case of employee snooping, role-based access control and strict governance of rights and permissions can help prevent potential bad actors from accessing confidential or sensitive information. With regard to snooping done by IT security professionals specifically, organisations can leverage identity intelligence to identify who has elevated rights and help pinpoint exactly where abuse of those rights is occurring to address this behaviour. Additionally, a separate report based on the global study recently found that best practices around removing inactive accounts, revoking access to ex-employees, and updating rights of employees whose roles have changed are also overwhelmingly poorly applied.
One Identity is committed to helping organisations eradicate these ongoing challenges, and offers a full suite of access management, identity governance, privileged management and identity as a service solutions and services that help businesses “Get IAM Right” while enabling business agility. Learn more by attending any of a series of One Identity hosted webinars on the topic (http://bit.ly/2eSI5wi).
About the One Identity Global State of IAM Study
The One Identity Global State of IAM Study consisted of an online survey, conducted by Dimensional Research, of IT professionals who had responsibility for IT security as a major part of their job and were very knowledgeable about IAM. A wide variety of questions were asked about experiences and challenges with IAM. A total of 913 individuals from the U.S., Canada, U.K., Germany, France, Australia, Singapore and Hong Kong completed the survey.
This report is based on the global study, and One Identity offers a free online executive summary of the data in a Key Findings Report, as well as an illustrated look at the data in an infographic. These materials can be found here.
About One Identity
One Identity, a Quest Software business, helps organisations get identity and access management (IAM) right. With a unique combination of offerings, including a portfolio of identity governance, access management, privileged management, and identity as a service solutions that help organisations reach their full potential, unimpeded by security yet safeguarded against threats, One Identity has proven to be a company unequalled in its commitment to its customers’ long-term IAM success. More than 7,500 customers worldwide depend on One Identity solutions to manage more than 125 million identities, enhancing their agility and efficiency while securing access to their data -- wherever it might reside. For more information, visit http://www.oneidentity.com.