Cyber-Ark Software, a U.S.-based information security company, surveyed information technology professionals at the Infosecurity Europe Expo 2008 in London this past April. They asked 300 senior IT folks attending the Expo about abuses relating to information access, and guess what they found? First, about one-third of all IT professionals surveyed abused their own company’s information access rights policies to view information unrelated to their job (e.g., spying on employees or looking at confidential information). The survey report noted that passwords of IT and systems oversight staff often aren’t required to be changed as often as user passwords—or sometimes not at all. In most cases, IT administrators have free rein to use or abuse access privileges—which apparently happens too often.
The notion of “internal firewalls” is highlighted by this report. While companies often take great pains to protect themselves from external threats, as history has shown us in the physical world, the biggest dangers are from “inside jobs.” Without protections that apply internally, snooping, economic espionage, sabotage, spying and data security risks will remain a looming threat to the information assets of a business enterprise.