One Identity, a Quest Software business specialising in Identity and Access Management (IAM), has released results of a global survey on employee ‘snooping‘ habits on their respective company networks at their places of work. Overwhelmingly, the results indicated that when given the opportunity to look through sensitive company data that an employee may not have access to, the likelihood to attempt access is high.
The One Identity survey results bust a common myth held by among many that data is safe when it’s on a company network and in the hands of its trusted employees, and that it’s the outsiders and hackers that companies should build protection against. While the latter is certainly true, the survey results show that the majority of all employees—even those within the ranks of IT security groups, the C-suite and beyond—are intrusively meddling when given the opportunity
The global survey conducted by One Identity across the US, UK, Germany, France, Australia, Singapore and Hong Kong obtained over 900 respondents from various professional levels. Further, 28 percent respondents were from large enterprises (over 5,000 employees), another 28 percent from mid-sized enterprises (2,000—5,000 employees), and the rest from organisations with less than 2,000 employees. Of all survey respondents, a staggering 87 percent had privileged access at the workplace, and also had a level of responsibility for security at their workplaces.
A staggering 92 percent of respondents stated that employees at their company attempt to access information that they do not need for the execution of their jobs. Accessing sensitive data, such as employee salaries for instance could cause disharmony and disruption at the workplace, while confidential information on company financial data or future strategic plans if shared with competitors could be catastrophic for the business as a whole.
However, a worrying result indicates 66 percent of security professionals have tried to access information they did not need. This means not only are they attempting to access that information, but in many cases, they are actually obtaining access and ultimately abusing that privilege, said the firm.
The survey results also revealed that executives are more likely to attempt unauthorised access than managers or front-line workers. As alarming as these findings are—and organisations should be alarmed—implementing best practices around identity and access management such as, role-based access rights and permissions, and applying identity analytics to spot any signs of unusual access behavior can help organisations safeguard themselves from letting sensitive data fall into the wrong hands.