Survey Reveals Scandal of Snooping IT Staff

A Third of IT Staff Secretly Peek at Confidential Company
                              Information
NEWTON, Mass.--(Business Wire)--
Whilst you sit there innocently working away, little do you
realize that a third of your IT colleagues have been snooping around
the network, looking at highly confidential information, such as
salary details, M & A plans, people's personal emails, board meeting
minutes and other personal information. That's the findings of a
survey released today by Cyber-Ark(R) Software, specialists in
privileged identity management and digital vaulting solutions, who
carried out the research at the recent Infosecurity Expo 2008, amongst
300 senior IT professionals (mainly from companies employing over
1000+ employees), as part of their annual survey into "Trust, Security
and Passwords". One third of the survey sampled admitted to using
their privileged rights to access information that is confidential or
sensitive by using the administrative passwords as a means of peeking
at information that they are not privy to.

   Ever Wonder What Your IT Department is Up To?

   When asked if they had accessed information that was not relevant
to their role 47 percent admitted they had!

   Mark Fullbrook, UK Director of Cyber-Ark says "When it comes down
to it, IT has essentially enabled snooping to happen! It's easy - all
you need is access to the right passwords or privileged accounts and
you're privy to everything that's going on within your company. Gone
are the days when you had to photocopy sheets of information with your
customer database on it, or pick the lock to the salaries drawer! In
some organizations there is little understanding or lack of controls
in place to manage workers access to systems. For most people,
administrative passwords are a seemingly innocuous tool used by the IT
department to update or amend systems. To those "in the know" they are
the keys to the kingdom and if unprotected or fall into the wrong
hands wield a great deal of power. This could include highly sensitive
information such as merger plans, the CEO's emails, company accounts,
marketing plans, legal records, R & D plans etc."

   "Imagine when a competitor gets hold of these passwords or a
disgruntled employee, they can quietly and anonymously wreak havoc
right under everyone's nose, and even more unassumingly, a user can
inadvertently grant access to privileged information. Look what Mr.
Kerviel at Societe Generale got up to - he allegedly used his
back-office rights to anonymously access the systems to get at
information that he was not party to," commented Fullbrook.

   Privileged Passwords Rarely Get Changed

   Even more worrying is the fact that privileged passwords get
changed infrequently and often a lot less than user passwords. Thirty
percent get changed every quarter and a staggering 9 percent never get
changed, giving access indefinitely to all those who know the
passwords, even when they've left the organization.

   Who's Managing the Privileged Passwords?

   Half of IT administrators do not have to get authorization to
access privileged accounts which shows a general lack of control of
these power identities and indeed understanding over the power that
these privileges command.

   Majority are Sloppy at Handling and Exchanging Sensitive Data

   Seven out of 10 companies rely on out-dated and insecure methods
to exchange sensitive data when it comes to passing it between
themselves and their business partners with 35 percent choosing to
email sensitive data, 35 percent sending it via a courier, 22 percent
using FTP and 4 percent still relying on the postal system. This
shouldn't be any big surprise when you learn that 12 percent of these
senior IT personnel who were interviewed also choose to send cash in
the mail!

   Fullbrook continues, "As we have seen many use their privileged
passwords without having to seek authorization, and if the price is
right what's stopping them from choosing to trade information to the
highest bidder. Companies need to wake up to the fact that if they
don't introduce layers of security and tighten up who has access to
vital information, by managing and controlling privileged passwords,
snooping, sabotage and hacking will continue."

   For more information about this survey or to interview Cyber-Ark
on their findings contact Kim Baker at 978-474-1900 or email
cyber-ark@pancomm.com

   About Cyber-Ark

   Cyber-Ark(R) Software is the leading provider of Privileged
Identity Management (PIM) solutions for securing privileged user
accounts and highly-sensitive information across the enterprise. Long
recognized as an industry innovator for its patented Vaulting
Technology(R), Cyber-Ark's digital vault products include: The
Enterprise Password Vault(TM) for the secure management of
administrative, application and privileged user passwords; the
Inter-Business Vault(R), a secure infrastructure for cross-enterprise
data exchange of highly-sensitive information, and the Sensitive
Document Vault(TM) for secure storage and management of
highly-sensitive documents. Cyber-Ark's Vaulting platform has been
tested by ICSA Labs, an independent division of Cybertrust and the
security industry's central authority for research, intelligence, and
certification testing of security products. Cyber-Ark's award-winning
technology is deployed by more than 400 global customers, including
100 of the world's largest banks and financial institutions.
Headquartered in Newton, MA, Cyber-Ark has offices and authorized
partners in North America, Europe and Asia Pacific. For more
information, visit www.cyber-ark.com

PAN Communications
Kim Baker, 978-474-1900
Cyber-ark@pancomm.com

Copyright Business Wire 2008