Many employees in the modern workplace simply assume their electronic communications are being read by IT administrators. A new study released Thursday by IT security firm Cyber-Ark Software shows that those assumptions aren't too far off base.
The survey of 300 senior IT professionals at mid-market and enterprise firms yielded the disturbing news that a third admit that they or fellow administrators have "used the admin password to get at information that is otherwise confidential or sensitive," while nearly half say they have "accessed information on a system that was not relevant" to their jobs.
Presenting the results of its annual "Trust, Security and Passwords" survey at the recent Infosecurity Expo in London, Newton, Mass.-based CyberArk stressed the scandal of the two questions concerning snooping by IT staff, but the bulk of the study concerns more mundane areas of data leakage prevention, such as the frequency with which passwords are changed on computer networks.
The results of the survey weren't surprising, said Adam Bosnian, VP of products and sales at CyberArk.
"With all the power and access these admins have, and then add in that with their privileged access they're anonymous, the temptation is enormous for this sort of activity," Bosnian said. "And these are not low-level guys. These are the guys running IT administration at their companies. So what emerges from this is that companies can't afford to just blindly trust their IT admins."
But color at least one IT security expert skeptical about the results of the CyberArk survey. Tom McArthur, president of Weston, Mass.-based IT security service provider Storbase, wonders if the vagueness of the "snooping" questions might have skewed the responses.
"Clearly, IT administrators need this access [to private data on their company's network]," McArthur told ChannelWeb. "The question I have is how they posed these questions about snooping. Are they really snooping or just doing their jobs?"
McArthur said reasons an IT administrator might need to access otherwise private data on mediums such as e-mail range from searching for missing or poorly archived messages to their responsibilities to maintain compliance at companies that have an official acceptable use policy.
"It's not uncommon for e-mail admins to set up an acceptable use policy and they'll monitor that. And it's completely legitimate in my mind," he said. "Now I have heard some of the IT guys I know have a chuckle about what they find, you know, 'We caught them saying this or that,' but it's not 'snooping' because it's company policy."
