One Identity Research Exposes Major Problem
with Employees Snooping on the Corporate Network
with Employees Snooping on the Corporate Network
● Global survey of over 900 IT security
professionals indicates that employees are seeking out, and finding,
information that is irrelevant to their jobs
professionals indicates that employees are seeking out, and finding,
information that is irrelevant to their jobs
● Ninety-four percent of respondents in
Singapore report that employees attempt to access information they do not need
for their day-to-day work
Singapore report that employees attempt to access information they do not need
for their day-to-day work
● Nearly two in three (66 percent) IT security
professionals admit they have specifically sought out or accessed company
information they didn’t need
professionals admit they have specifically sought out or accessed company
information they didn’t need
SINGAPORE – October
19, 2017 – One Identity, a proven leader in helping organizations get
identity and access management (IAM) right, today released new global
research revealing that the
overwhelming majority of employees are deliberately seeking out information
they are not permitted to access, exposing a major “snooping” problem among
today’s workforce. The survey, conducted by Dimensional Research, polled more
than 900 IT security professionals on trends and challenges related to managing
employee access to corporate data. Among key findings, a remarkable 94 percent
of respondents in Singapore report that employees at their organizations try to
access information that is not necessary for their day-to-day work – with 16
percent admitting this behavior happens frequently.
19, 2017 – One Identity, a proven leader in helping organizations get
identity and access management (IAM) right, today released new global
research revealing that the
overwhelming majority of employees are deliberately seeking out information
they are not permitted to access, exposing a major “snooping” problem among
today’s workforce. The survey, conducted by Dimensional Research, polled more
than 900 IT security professionals on trends and challenges related to managing
employee access to corporate data. Among key findings, a remarkable 94 percent
of respondents in Singapore report that employees at their organizations try to
access information that is not necessary for their day-to-day work – with 16
percent admitting this behavior happens frequently.
Most
alarmingly, the report indicates that IT security professionals themselves are
among the worst offenders of corporate data snooping. One in three respondents
globally admit to having accessed sensitive information that is not necessary
for their day-to-day work – indicating ongoing abuse of elevated rights attributed
to the IT security role. Other findings related to IT security professionals’
shocking snooping behavior include:
alarmingly, the report indicates that IT security professionals themselves are
among the worst offenders of corporate data snooping. One in three respondents
globally admit to having accessed sensitive information that is not necessary
for their day-to-day work – indicating ongoing abuse of elevated rights attributed
to the IT security role. Other findings related to IT security professionals’
shocking snooping behavior include:
● Company performance information is a hot
commodity: Nearly half (47
percent) of IT pros in Singapore admit to looking for or accessing sensitive
information about their company’s performance, apart from what is required to
do for their job.
commodity: Nearly half (47
percent) of IT pros in Singapore admit to looking for or accessing sensitive
information about their company’s performance, apart from what is required to
do for their job.
● IT security executives are the guiltiest by
level: Globally,
seventy-one percent of executives admit to seeking out extraneous information,
compared to 56 percent of non-manager-level IT security team members.
Additionally, 45 percent of executives admit to snooping for or accessing
sensitive company performance information specifically, compared to just 17
percent of non-manager team members.
level: Globally,
seventy-one percent of executives admit to seeking out extraneous information,
compared to 56 percent of non-manager-level IT security team members.
Additionally, 45 percent of executives admit to snooping for or accessing
sensitive company performance information specifically, compared to just 17
percent of non-manager team members.
● The smaller the company, the bigger the
snoop: Globally, thirty-eight percent of IT security professionals at
companies with 500-2,000 employees admit to looking for or accessing sensitive
performance data, versus 29 percent of professionals at companies with more
than 5,000 employees.
snoop: Globally, thirty-eight percent of IT security professionals at
companies with 500-2,000 employees admit to looking for or accessing sensitive
performance data, versus 29 percent of professionals at companies with more
than 5,000 employees.
● Workers in technology companies most likely to
go on a sensitive information hunt: Globally, forty-four percent of respondents working for
technology companies admit to searching for sensitive company performance
information, compared to 36 percent in financial services, 31 percent in
manufacturing, and just 21 percent in healthcare.
go on a sensitive information hunt: Globally, forty-four percent of respondents working for
technology companies admit to searching for sensitive company performance
information, compared to 36 percent in financial services, 31 percent in
manufacturing, and just 21 percent in healthcare.
“Businesses across the
Asia Pacific region need to realize that potential cyber threats are not only
coming from the outside of their organization,” said Lennie Tan, Vice President
& General Manager, One Identity, Asia Pacific & Japan. “The alarming
results of our study prove that employees in Singapore have a free reign to
access sensitive information including financial performance data, confidential
customer documentation, or even CEO’s personal files. Meddling with
confidential information, even if it is non-malicious in intent, could lead to
a serious damage to the business’s reputation and financial standing.”
Asia Pacific region need to realize that potential cyber threats are not only
coming from the outside of their organization,” said Lennie Tan, Vice President
& General Manager, One Identity, Asia Pacific & Japan. “The alarming
results of our study prove that employees in Singapore have a free reign to
access sensitive information including financial performance data, confidential
customer documentation, or even CEO’s personal files. Meddling with
confidential information, even if it is non-malicious in intent, could lead to
a serious damage to the business’s reputation and financial standing.”
Managing Snooping
& Other Access-based Threats
& Other Access-based Threats
Results released today reinforce a general
finding prevalent within One Identity’s Global State of IAM Study: Companies
are not adhering to basic identity and access management (IAM) best practices.
In the case of employee snooping, role-based access control and strict
governance of rights and permissions can help prevent potential bad actors from
accessing confidential or sensitive information. With regard to snooping done
by IT security professionals specifically, organizations can leverage identity
intelligence to identify who has elevated rights and help pinpoint exactly
where abuse of those rights is occurring to address this behavior.
Additionally, a separate report based
on the global study recently found that best practices around removing inactive
accounts, revoking access to ex-employees, and updating rights of employees
whose roles have changed are also overwhelmingly poorly applied.
finding prevalent within One Identity’s Global State of IAM Study: Companies
are not adhering to basic identity and access management (IAM) best practices.
In the case of employee snooping, role-based access control and strict
governance of rights and permissions can help prevent potential bad actors from
accessing confidential or sensitive information. With regard to snooping done
by IT security professionals specifically, organizations can leverage identity
intelligence to identify who has elevated rights and help pinpoint exactly
where abuse of those rights is occurring to address this behavior.
Additionally, a separate report based
on the global study recently found that best practices around removing inactive
accounts, revoking access to ex-employees, and updating rights of employees
whose roles have changed are also overwhelmingly poorly applied.
One Identity is committed to helping
organizations eradicate these ongoing challenges, and offers a full suite of
access management, identity governance, privileged management and identity as a
service solutions and services that help businesses “Get IAM Right” while
enabling business agility. Learn more by attending any of a
series of One Identity hosted webinars on the topic (http://bit.ly/2eSI5wi).
organizations eradicate these ongoing challenges, and offers a full suite of
access management, identity governance, privileged management and identity as a
service solutions and services that help businesses “Get IAM Right” while
enabling business agility. Learn more by attending any of a
series of One Identity hosted webinars on the topic (http://bit.ly/2eSI5wi).
About the One Identity
Global State of IAM Study
Global State of IAM Study
The One Identity
Global State of IAM Study consisted of an online survey conducted by
Dimensional Research of IT professionals with responsibility for IT security as
a major part of their job and were very knowledgeable about IAM. A wide variety
of questions were asked about experiences and challenges with IAM. A total of
913 individuals from the U.S., Canada, U.K., Germany, France, Australia,
Singapore and Hong Kong completed the survey.
Global State of IAM Study consisted of an online survey conducted by
Dimensional Research of IT professionals with responsibility for IT security as
a major part of their job and were very knowledgeable about IAM. A wide variety
of questions were asked about experiences and challenges with IAM. A total of
913 individuals from the U.S., Canada, U.K., Germany, France, Australia,
Singapore and Hong Kong completed the survey.
This report is based
on the global study, and One Identity offers a free online executive summary of
the data in a Key Findings Report, as well as an illustrated look at the data
in an infographic. These materials can be found here.
on the global study, and One Identity offers a free online executive summary of
the data in a Key Findings Report, as well as an illustrated look at the data
in an infographic. These materials can be found here.
About One Identity
One
Identity, a Quest Software business, helps organizations get
identity and access management (IAM) right. With a unique combination of
offerings including a portfolio of identity governance, access management and
privileged management, and identity as a service that help organizations reach
their full potential, unimpeded by security yet safeguarded against threats.
One Identity has proven to be a company unequalled in its commitment to its
customers’ long-term IAM success. More than 7,500 customers worldwide depend on
One Identity solutions to manage more than 125 million identities, enhancing
their agility and efficiency while securing access to their data — wherever it
might reside. For more information, visit http://www.oneidentity.com.
Identity, a Quest Software business, helps organizations get
identity and access management (IAM) right. With a unique combination of
offerings including a portfolio of identity governance, access management and
privileged management, and identity as a service that help organizations reach
their full potential, unimpeded by security yet safeguarded against threats.
One Identity has proven to be a company unequalled in its commitment to its
customers’ long-term IAM success. More than 7,500 customers worldwide depend on
One Identity solutions to manage more than 125 million identities, enhancing
their agility and efficiency while securing access to their data — wherever it
might reside. For more information, visit http://www.oneidentity.com.
For the LATEST tech updates,
FOLLOW us on our Twitter
LIKE us on our FaceBook
SUBSCRIBE to us on our YouTube Channel!