One in Three IT Professionals Snoops

Are you friends with the IT staff at your company? You probably should be. According to a study released Thursday by U.S. information security company Cyber-Ark, a survey of 300 senior IT professionals showed that one-third of them admitted to abusing their administrative rights and snooping where they shouldn't.

At the same time, 47% said they had accessed information that was not relevant to their role. So, I guess these felt it wasn't abuse, but it wasn't something they absolutely needed to do.

The survey was part of Cyber-Ark's annual study titled “Trust, Security and Passwords."

Of course, this shouldn't come as a surprise. Absolute power corrupt absolutely, and all that. I think this would be an excellent question for Fox's Moment of Truth show, if they ever get an IT staffer on an episode.

Anyway, in a statement released with the study, Mark Fullbrook, Cyber-Ark's UK director, said:

"All you need is access to the right passwords or privileged accounts and you're privy to everything that's going on within your company. For most people, administrative passwords are a seemingly innocuous tool used by the IT department to update or amend systems. To those 'in the know' they are the keys to the kingdom."

Well, yeah. Duh.

Worse, the study said privileged passwords are changed far less frequently than user passwords. 30% are changed every quarter; 9% are never changed at all. So that IT staffer you just fired: he may still have access.

My question is: of the two-thirds of IT staffers who said they didn't abuse their access, how many of them would still be able to say that if hooked up to a Moment of Truth lie detector?