FRANKFURT (Reuters) - One in three information technology professionals abuses administrative passwords to access confidential data such as colleagues’ salary details, personal emails or board-meeting minutes, according to a survey.
U.S. information security company Cyber-Ark surveyed 300 senior IT professionals, and found that one-third admitted to secretly snooping, while 47 percent said they had accessed information that was not relevant to their role.
“All you need is access to the right passwords or privileged accounts and you’re privy to everything that’s going on within your company,” Mark Fullbrook, Cyber-Ark’s UK director, said in a statement released along with the survey results on Thursday.
“For most people, administrative passwords are a seemingly innocuous tool used by the IT department to update or amend systems. To those ‘in the know’ they are the keys to the kingdom,” he added.
Cyber-Ark said privileged passwords get changed far less frequently than user passwords, with 30 percent being changed every quarter and 9 percent never changed at all, meaning that IT staff who have left an organization could still gain access.
It added that seven out of 10 companies rely on outdated and insecure methods to exchange sensitive data, with 35 percent choosing email and 35 percent using couriers, while 4 percent still relied on the postal system.
Reporting by Georgina Prodhan