Surveys reveal security flaws at the heart of company infrastructures

Do you know who's been looking at your data? The answer could worry you

Do you know who's been looking at your personal data? There could be a lot more people than you think according to two new surveys.

According to research from Venafi, IT staff were better placed than CEOs when it came to accessing sensitive data. The Venafi survey found that 65 percent of companies thought IT staff had easiest access to data, even beating CEOs – just 30 percent of companies thought the boss had the best access to sensitive information.

What’s worse is that it appears the IT staff are ready to abuse that that power. According to a separate survey from Lieberman Software,  a quarter of all IT security staff abused their privileges to look at confidential documents. The survey revealed that items looked at by the nosy techies were redundancy lists, payroll information and Christmas bonus details. 

The Lieberman survey also revealed that companies were not hot when it came to security procedures. According to the research, 48 percent of respondents work at companies that are still not changing their privileged passwords within 90 days – a violation of most major regulatory compliance mandates and one of the major reasons why hackers are still able to compromise the security of large organisations.

The Venafi survey also revealed lax security procedures. According to the Venafi findings, 23 percent of respondents thought that if the person responsible for managing an organisation’s encryption keys were to leave, they would not have access to valuable, encrypted data. This has had repercussions for enterprises: 24 percent of respondents to the Venafi survey said that the fear of losing keys had prevented them from investing in encryption technology.

Representatives from both companies expressed their concerns that businesses were not addressing security concerns effectively. Philip Lieberman, president and CEO of Lieberman Software said: “Our survey shows that senior management at some of the largest organisations are still not taking the management of privileged access to their most sensitive information seriously. When someone can admit that they have unsupervised, unaudited and unauthorised access to all their colleague’s and superior’s bonus details then the IT security of that organisation is seriously flawed.”

And Venafi’s CEO, Jeff Hudson said, “Encryption is the last line of defense in protecting data against loss or compromise. Companies are finding out how important encryption is when they have experienced a huge data breach because they weren’t using encryption.  Then they find out that when they deploy encryption they have another big problem and that is managing the encryption keys.” 

Read more about:

Sign up for our free newsletter