Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Insider Snooping Becoming More Common

To a hammer, everything looks like a nail. And to an information security company, everyone looks like a thief.

In its third annual survey of IT professionals, Newton, Mass.-based security information company Cyber-Ark has found that more than a third of IT personnel have used their IT admin powers to access sensitive corporate information without authorization.

The 400-person survey also found that almost three out of four respondents acknowledged being able to circumvent information access controls at their workplace. This isn't entirely surprising given that these same IT admins probably had a hand in setting up or maintaining these controls.

And really, there's something breathless about such findings. A similar percentage of respondents would probably acknowledge being able to stab co-workers with a pen. But being able to do so isn't the same as possessing an interest in doing so or exercising that ability.

According to Cyber-Ark, the recent economic decline has coincided with an increase in the number of respondents who say that they would take corporate data with them if they were fired. When respondents were asked "What would you take with you," six times as many (47%) as in 2008 said they would take financial reports or merger and acquisition plans, and four times as many (46%) as in 2008 said they'd take CEO passwords and R&D plans.

It may be however that a survey question of this sort amounts to push-polling -- asking a question to elicit a particular response. Asking "What would you take with you" presumes a willingness to steal that may not exist and makes the act of stealing seem like an expectation.

Certainly, there's a risk from insiders, particularly among those who've been fired. The survey notes that 1 in 5 companies acknowledged being affected by insider sabotage or IT security fraud. The risk is real. But there's risk, too, in believing your IT staff is out to get you.

InformationWeek Analytics has published an independent analysis on what executives really think about security. Download the report here (registration required).