Corporate Network Snooping, in a security context, is gaining or trying to gain unauthorized access to another employee’s or the company’s data, that may not necessarily pertain to the job.
A recent survey of 913 individuals conducted by One Identity revealed shocking statistics about employee snooping on corporate networks. The results are unnerving because the number of employees across countries and sectors is very large, and majority of the respondents admit to have indulged in some snooping themselves.
While the survey respondents constituted primarily of individuals from the USA (34%), respondents from other regions were represented well enough (Hong Kong: 11%, Singapore: 11%, Australia: 11%, France: 11%, Germany: 11% and United Kingdom: 11%). Varying company sizes were included, with companies having 500-2000 employees at 44%, 2000-5000 at 28%, and more than 5000 employees at 28%.
Of those surveyed, majority were team managers (45%), which ensured that relevant people in the organization who could observe employee behavior made up the bulk of the sample. Executives were also represented at 35% and ‘individual contributors’ were at 20%.
The individuals also, by a majority, already had privileged account access (87%), which makes it even more alarming that they felt the need to snoop the corporate network for more data despite their elevated access. This scenario uncovers behavioral trends towards snooping that are psychological in nature, and therefore must be addressed at the security level rather than in any other way.
When asked the question, “In your experience, do EMPLOYEES ever attempt to access information that is not necessary for their day-to-day work?”, 69% said “Rarely, but it happens”,
23% said “Yes, this happens frequently”, and only 8% said “No, they never even try.” This places 92% of employees in the ‘potential insider threats’ category, which is a huge percentage. When asked instead the question, “Have YOU ever attempted to access information that is not necessary for your day-to-day work”, the numbers again favored snooping. (51%) responded “Rarely, but I have done it” and (15%) replied “Yes, I do this frequently”.
Critical performance data is regularly compromised as well. More than 1 in 3 (36%) respondents replied ‘Yes’ to the question “Have you ever looked for or accessed sensitive
information about your company’s performance, apart from what you are required to do as part of your job?” Such statistics could spell disaster for any business, regardless of whether it is a large enterprise, a midmarket organization or a startup. Data breaches are expensive, but performance related breaches more so. These can threaten the very survival of any business.
The situation clearly demands attention. How can one reduce the threat of insider corporate network snooping?
Identity and Access Management (IAM) is the answer. Role-based access control and strict governance of rights and permissions can help prevent potential bad actors from accessing confidential or sensitive information. Organizations can leverage identity intelligence and privileged access management to identify employees who have been granted elevated rights and pinpoint exactly where abuse of those rights is occurring.
Cross Identity CI offers a comprehensive solution that allows role-based access control, governance, and risk metrics powered technology to identify privileged accounts. It is the only solution in the industry to offer Single Sign-on, Multi Factor Authentication, Enterprise Class Password Management, Access Recertification, and all essential IAM components that most businesses require to secure themselves against insider threats. Tight integration with Privileged Access Management ensures elevated access are not misused and helps with timely access revocation on role change or employee exit. CI is also the most economical on the market and requires a single purchase for both Access Management and Identity Governance features. Most other products offer only one or the other, which increases complexity and cost. Multiple pricing options like perpetual license, subscription, or on a pay-as-you-consume model, are also an industry first.
The solution was built from the ground up to solve REAL customer challenges. Other vendors provide ‘one-size-fits-all’ solutions and try to place ‘square pegs in round holes’. They also try to bundle the best-selling features, while losing sight of existing customer challenges. For instance, Cross Identity offers the world’s only ‘thick-client Single Sign-on’ possibility, which is a common challenge among customers. Other vendors might offer the latest technologies available in the domain, such as adaptive authentication, but miss out on foundational features. The reason is that they engineer what sells, rather than what is needed to solve customer problems.
Talk to us for a free assessment of your current state of IAM and discuss how CI can help prevent Corporate Network Snooping and potential insider threats in your organization.