Nearly 50% of HK infosec pros guilty of corporate snooping

Based on a recent global survey by Dimensional Research and One Identity, Hong KA remarkable 95% of Hong Kong companies polled in a recent global survey said their employees have tried accessing information that is not necessary for their day-to-day work, with 26% of companies admitting this behavior happens frequently.

Most alarming of the results showed that IT security professionals themselves are among the worst offenders of corporate data snooping. In Hong Kong, nearly half or 45% of IT security professionals admitted to accessing sensitive information about their company’s performance, apart from what is required to do for their job.

These were two of the key findings by Dimensional Data in the survey of over 900 IT professionals from United States, United Kingdom, Germany, France, Australia, Hong Kong and Singapore.

It was conducted on behalf of Identity Access Management provider One Identity, and it looked into the trends and challenges related to managing employee access to corporate data.

The survey did not ask what these infosec pros with the data that they have snooped and whether they have gained any monetary profit from them.

“The survey did not investigate this. We made a decision together with Dimensional Research to design the survey with questions that ensure respondents would be comfortable with answering truthfully. While interesting to know the factual trends, such a line of questioning will widen the margin of error of our survey, and possibly also affect the accuracy of subsequent responses,” Lennie Tan, vice president and general manager, One Identity, Asia Pacific & Japan, told Computerworld Hong Kong.

“The worrying takeaway is whether there is a link between the prevalence of corporate data snooping to the growing incidents of data breaches in the market. The ramifications of corporate data snooping are significant, ranging from the leakage of sensitive company information, non-compliance with regulations that require close control over information – which carries heavy penalties in Hong Kong – to the inappropriate use of acquired information for personal gain,” he added.

Tan noted that the survey results highlighted the importance for companies to be vigilant in their evaluation of privileged accounts to avoid running the risk of putting critical company sensitive data in the wrong hands.

“Most professionals are aware of best practices regarding privileged account management, however there is a gap between compliance to these values,” he said.

“More importantly, considering the prevalence of snooping, it’s crucial for companies to reassess the levels of security they currently have, and the levels they need to have.”