Dubai, UAE – 7 December, 2017 —One Identity, a Quest Software business specializing in Identity and Access Management (IAM), today released results of a global survey on employee ‘snooping’ habits on their respective company networks at their places of work. Overwhelmingly, the results indicated that when given the opportunity to look through sensitive company data that an employee may not have access to, the likelihood to attempt access is high.
The survey results bust a common myth held by among many that data is safe when it’s on a company network and in the hands of its trusted employees, and that it’s the outsiders and hackers that companies should build protection against. While the latter is certainly true, the survey results show that the majority of all employees—even those within the ranks of IT security groups, the C-suite and beyond—are intrusively meddling when given the opportunity
The global survey conducted across the U.S., U.K., Germany, France, Australia, Singapore and Hong Kong obtained over 900 respondents from various professional levels. Further, 28% respondents were from large enterprises (over 5,000 employees), another 28% from mid-sized enterprises (2,000—5,000 employees), and the rest from organizations with less than 2,000 employees. Of all survey respondents, a staggering 87% had privileged access at the workplace, and also had a level of responsibility for security at their workplaces.
A staggering 92% of respondents stated that employees at their company attempt to access information that they do not need for the execution of their jobs. Accessing sensitive data, such as employee salaries for instance could cause disharmony and disruption at the workplace, while confidential information on company financial data or future strategic plans if shared with competitors could be catastrophic for the business as a whole.
However, a worrying result indicates 66% of security professionals have tried to access information they did not need. This means not only are they attempting to access that information, but in many cases, they are actually obtaining access and ultimately abusing that privilege.
The survey results also revealed that executives are more likely to attempt unauthorized access than managers or front-line workers. As alarming as these findings are—and organizations should be alarmed—implementing best practices around identity and access management such as, role-based access rights and permissions, and applying identity analytics to spot any signs of unusual access behavior can help organizations safeguard themselves from letting sensitive data fall into the wrong hands.