One third of IT professionals have admitted to accessing highly confidential information, including salary details, merger or acquisitions plans, personal emails, board meeting minutes and other personal information, according to new survey by Cyber-Ark Software,” Trust, Security and Passwords.”

When asked if they had accessed information not relevant to their jobs 47 percent admitted they had.

The survey found that privileged passwords get changed infrequently and often less than user passwords. Thirty percent are changed every quarter and 9 percent never get changed, giving indefinite access to those who know passwords, even when they are no longer with an organization.

Half of It administrators do not have to get authorization to access privileged accounts which indicates a general lack of control and understanding over the power of such privileges.

“For most people, administrative passwords are a seemingly innocuous tool used by the IT department to update or amend systems. To those ‘in the know’ they are the keys to the kingdom and if unprotected or fall into the wrong hands wield a great deal of power,” said Mark Fullbrook, UK Director of Cyber-Ark.

“Companies need to wake up to the fact that if they don’t introduce layers of security and tighten up who has access to vital information, by managing and controlling privileged passwords, snooping, sabotage and hacking will continue.”

This entry was posted on Friday, June 20th, 2008 at 9:05 pm and is filed under Articles. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.