One Identity has released new global research revealing that the majority of employees are deliberately seeking out information they are not permitted to access, exposing a major ‘snooping’ problem among today’s workforce.
The survey, conducted by Dimensional Research, polled more than 900 IT security professionals on trends and challenges related to managing employee access to corporate data. Among key findings, a significant 92 per cent of respondents report that employees at their organisations try to access information that is not necessary for their day-to-day work, with nearly one in four (23%) admitting this behavior happens frequently.
Most alarmingly, the report indicates that IT security professionals themselves are among the worst offenders of corporate data snooping. One in three respondents admit to having accessed sensitive information that is not necessary for their day-to-day work, indicating ongoing abuse of elevated rights attributed to the IT security role. Other findings related to IT security professionals’ snooping behaviour include:
- 36% of IT pros admit to looking for or accessing sensitive information about their company’s performance, apart from what is required to do for their job.
- 71% of executives admit to seeking out extraneous information, compared to 56% of non-manager-level IT security team members
- 45% of executives admit to snooping for or accessing sensitive company performance information specifically, compared to just 17% of non-manager team members.
- 38% of IT security professionals at companies with 500-2,000 employees admit to looking for or accessing sensitive performance data, versus 29% of professionals at companies with more than 5,000 employees.
- 44% percent of respondents working for technology companies admit to searching for sensitive company performance information, compared to 36% in financial services, 31% in manufacturing, and 21% in healthcare.
John Milburn, President and General Manager of One Identity said, “while insider threats tend to be non-malicious in intent, our research depicts a widespread, intrusive meddling from employees when it comes to information that falls outside their responsibility – and it could be that meddling that ends up putting their employers in hot water. Without proper governance of access permissions and rights, organisations give employees free reign to move about the enterprise and access sensitive information like financial performance data, confidential customer documentation, or a CEO’s personal files. If that information winds up in the wrong hands, corporate data loss, customer data exposure or compliance violations are possible risks that could result in irreversible damage to the business’s reputation or financial standing.”
Learn more by attending any of a series of One Identity hosted webinars on the topic.