Lieberman Software’s 2013 Information Security Survey reports the attitudes and opinions of IT security professionals regarding the behaviors of end-users, the state of unauthorized privileged access, and the likelihood of their own organizations withstanding cyber attacks.
- 73% of respondents would not bet $100 of their own money that their company won’t suffer a data breach in the next six months.
- 38% of IT security personnel have witnessed a colleague access company information that he or she should not have access to.
- 54% of those respondents did not report their colleagues who accessed that information.
- 32% of IT security professionals work in organizations that do not have a policy to change default passwords when deploying new hardware, applications and network appliances to the network.
- 81% of IT security staff think that staff tend to ignore the rules that IT departments put in place.
- 76% of IT personnel think that employees in their organization have access to information that they don’t necessarily needto perform their jobs.
- 65% of respondents think that they have more access to sensitive information than colleagues in other departments.
These results suggest that even though most IT professionals are aware of the level of access they have to systems which may contain sensitive data, many organizations either cannot or will not control and audit this access. The high number of staff who are thought to ignore IT directives could stem from willful negligence on the part of end-users, or the lack of proper internal security training. When these findings are taken together, respondents’ lack of confidence in the ability of their organizations to withstand a data breach is hardly surprising.
About the 2013 Information Security Survey
The survey queried nearly 250 IT security professionals attending RSA Conference 2013 in San Francisco. Respondents were from all major vertical market segments. 48% of respondents work in organizations with at least 1,000 employees.
About Lieberman Software
Lieberman Software is a leader in the privileged identity management market. Its flagship product Rapid Enterprise Defense (RED) Identity Management automatically locates and continuously audits privileged accounts throughout the enterprise, and regularly provides each account with unique and complex credentials. RED Identity Management ensures that only authorized and audited personnel can access sensitive systems, with an approved purpose, for a limited time.