A survey of more than 450 IT professionals by Lieberman Software found that 39% of IT staff can get unauthorised access to their organisation’s most sensitive information and one in five has already accessed data they shouldn't. 68% of respondents believe that, as an IT professional, they have more access to sensitive information than colleagues in other departments such as HR, finance and the executive team.
The survey seems to show that IT staff are aware of the additional privileges they have, but a proportion are abusing those privileges. There is also a problem in that a large percentage of organisation are not preventing access and management may not be aware of the problem and know how to prevent it.
I have come across some organisations how are using additional Acceptable User Policies (AUP) for IT and Administrators which outline in more detail the organisations expectations that those with enhanced privilege access should be more responsible in the way they use their privileges. Additionally an ethics programme may help administrators and IT staff understand what responsibility is and what the expectations of the organisations is of the IT staffs professionalism.
Previous posts on the insider threat.
No comments:
Post a Comment