IT managers often think of insider threats as a rare occurrence in which a disgruntled employee sabotages systems or steals data. But cases of employees abusing their access privileges may be much more common than organizations are prepared for.
In fact, 20% of IT pros admit to accessing data they know they shouldn’t see, according to a recent survey from security firm Lieberman Software. That includes confidential information about the company’s executives and the CEO’s private documents.
In most cases, that snooping was likely done more out of curiosity than malicious intent, but it still means highly confidential information is being seen by people without authorization, which increases the chances it will fall into the wrong hands.
And it’s possible that a curious IT staffer could turn into a serious insider threat in certain circumstances – for example, 11% of the survey respondents said if they were laid off tomorrow, they would be able to bring sensitive data out the door with them. And nearly a third said management wouldn’t know how to stop them.
IT has biggest insider threat risk
One big factor behind the risk of an insider threat in the IT department: Many companies aren’t doing enough to restrict tech employees’ access to sensitive info. IT employees often have the highest level of access to sensitive data – among the 450 IT pros surveyed, 68% said they could access more sensitive data than their company’s HR manager, finance employees and even executive team.
Despite the amount of sensitive data available to IT employees, tech departments may not be managing access privileges as well as they could be, as 40% of IT pros said they know they can access data they shouldn’t.
What can IT managers do to reduce the risk of an insider threat in their department? Lieberman Software offers some advice:
- Keep an updated list of all the privileged accounts that exist on the company’s network so you can easily audit who has access to what
- Enforce a policy of providing the least amount of access that employees need to get their jobs done — that includes staying up-to-date and removing access rights as roles change, and
- Monitor the use of log-in accounts to look for any suspicious use of access privileges.