Slashdot Mirror

← Back to Stories (view on slashdot.org)

88% of IT Admins Would Steal Passwords If Laid Off

Posted by ryuzaki0 on from the you-know-they-have-conjugal-visits-there dept.

narramissic writes "According to identity management firm Cyber-Ark's annual 'Trust, Security & Passwords' survey, a whopping 88% of IT administrators would steal CEO passwords, customer database, research and development plans, financial reports, M&A plans and the company's list of privileged passwords if they were suddenly laid off. The survey also found that one third of IT staff admitted to snooping around the network, looking at highly confidential information, such as salary details and people's personal emails."

10 of 448 comments (clear)

  1. And Cyber Ark are selling? by Colin+Smith · · Score: 5, Insightful

    Let me guess...

     

    --
    Deleted
  2. Figures Seem Inflated by dthrall · · Score: 5, Insightful

    I'm actually surprised at this claim. It would be nice if they posted some additional info, like their sample size, etc. Sorry, I just seriously can't believe that 9 out of 10 people would maliciously act in this manner. Snooping over the network out of curiosity, I'll buy that one.

  3. But... by lucky130 · · Score: 5, Insightful

    How many of them are just saying that to sound cool?

  4. Survey is Pants by Fox_1 · · Score: 5, Insightful
    nothing to see here:

    "According to identity management firm Cyber-Ark's annual 'Trust, Security & Passwords'"

    Making the IT folk out to be bogeymen is great business for security pros. I'm sure there are some idiots out there, but most IT people are normal honest people like anybody in any other profession. I don't buy that we are so far off the curve, 81% is bullcrap and makes me question everything about that company and it's motivations and methods for the survey.

    --
    The rock, the vulture, and the chain
  5. Nothing to see here by Arc+the+Daft · · Score: 5, Insightful

    A firm selling data security products claims that people with access to sensitive information can't be trusted. News at 10.

  6. Re:a survey by BobMcD · · Score: 5, Insightful

    ...but something tells me when the time came to break the law they would let the opportunity slide.

    And they'd be wise to do so. Anyone who thinks that stealing such things once laid off is a bright idea just does not have a criminal mind.

    Think it through, fellas - what, exactly, do you plan to DO with this data?

    Do you intend on working in your field, ever again?

    How do you feel about seeing the inside of a federal prison??

    Seriously, lay off the power trip. It's just a fucking job. Don't screw up your ENTIRE life just because you have the password...

  7. Re:Not reasonable by MightyMartian · · Score: 5, Insightful

    A company hawking privacy management claims your IT department is filled with thieves and extortionists. Shocking, I tell you, shocking!!!!

    --
    The world's burning. Moped Jesus spotted on I50. Details at 11.
  8. Re:Not reasonable by Lobster+Quadrille · · Score: 5, Insightful

    Yes, it's security through obscurity, and I'm as big a fan of Schneier as anybody, but that is still no reason to give out information.

    It's no secret that with enough knowledge of the system, any system can be hacked. That alone is reason to not make knowledge of the system public information.

    To some extent, security through obscurity is absolutely necessary.

    --
    "The cup is in turn designed for holding hot or cold liquids, and has an open rim and closed base." --US Patent #5425497
  9. Re:Not reasonable by torkus · · Score: 5, Insightful

    To some extent, security through obscurity is absolutely necessary.

    Not if your systems are properly secured. Unless you consider obscurity keeping your actual password(s) secret :)

    Seriously though: most systems have some vulnerabilities and explaining the details will occasionally open the door for someone who knows more than you do. Yes, it's good to keep this information private. BUT, when designing a security system you need to work based on the assumption that an attacker knows the entire layout. Knows exactly what hardware, software, version, firmware, etc. you have exactly. Anything less is NOT a properly secured system.

    If a network is properly secured the person/group/department who designed it should not be able to gain unauthorized access

    --
    You can get rich if you own a politician, but you have to be rich to buy one in the first place.
  10. Best Revenge Ever... by IBitOBear · · Score: 5, Insightful

    ... Is being missed.

    I was vindictively fired by a total idiot. I made sure that everyone I knew at the company knew the hows and whys of my dispute (including where I _was_ at fault). I also always start grooming my replacement the first day I take a job or can identify the best guy to replace me, because who wants to be stuck in the same job forever.

    In the days following my firing I took several opportunities to talk the guy who replaced me (my friend Dan) how to lock me out of various machines and such.

    For almost eighteen months people at that job were forced to say "is a good thing (my name) made sure we had extra capacity laid in while the trench down the block was opened", or thing-x was purchased, or policy-y was in place.

    By the end of that eighteen months, the guy who had fired me had been shown to be the kind of person who he was, and he was invited to leave the company. (I was long gone and made no attempt to return.)

    If you have to "do something" to your company to make them feel the pain of your absence when you are gone, you weren't previously doing your job.

    Competence, and never looking back except to laugh, is the best revenge ever.

    --
    Innocent people shouldn't be forced to pay for inferior software development.
    --"Code Complete" Microsoft Press