One in three information technology professionals abuses
administrative passwords to access confidential data such as
colleagues’ salary details, personal emails or board-meeting minutes,
according to a survey.
U.S. information security company Cyber-Ark surveyed 300 senior IT
professionals, and found that one-third admitted to secretly snooping,
while 47 percent said they had accessed information that was not
relevant to their role.
"All you need is access to the right passwords or privileged
accounts and you’re privy to everything that’s going on within your
company," Mark Fullbrook, Cyber-Ark’s UK director, said in a statement
released along with the survey results on Thursday. "For most people, administrative passwords are a seemingly innocuous
tool used by the IT department to update or amend systems. To those ‘in
the know’ they are the keys to the kingdom."
Cyber-Ark said privileged passwords get changed far less frequently
than user passwords, with 30 percent being changed every quarter and 9
percent never changed at all, meaning that IT staff who have left an
organization could still gain access.
It added that seven out of 10 companies rely on outdated and
insecure methods to exchange sensitive data, with 35 percent choosing
email and 35 percent using couriers, while 4 percent still relied on
the postal system.
