88% of IT Admins Would Steal Passwords If Laid Off

narramissic writes "According to identity management firm Cyber-Ark's annual 'Trust, Security & Passwords' survey, a whopping 88% of IT administrators would steal CEO passwords, customer database, research and development plans, financial reports, M&A plans and the company's list of privileged passwords if they were suddenly laid off. The survey also found that one third of IT staff admitted to snooping around the network, looking at highly confidential information, such as salary details and people's personal emails."

Reminds me of the old joke...

[by Anonymous Coward]

99% of men masturbate. The other 1% are lying.

Not reasonable

[linear a (584575)]

Sounds like an unreasonable estimate to me. If people were that vindicative and dishonest then IT (and similar) systems wouldn't ever keep working.

Re:Not reasonable

[MagusSlurpy (592575)]

Sounds like an unreasonable estimate to me.

I would be much more interested in the percentage that has already stored such information just in case such an eventuality occurred.

Re:Not reasonable

[MightyMartian (840721)]

A company hawking privacy management claims your IT department is filled with thieves and extortionists. Shocking, I tell you, shocking!!!!

Re:Not reasonable

[diskis (221264)]

I store my passwords on yellow post-it notes next to the computer. Never seen a sysadmin getting out of the basement, so I assume my passwords are safe.

Re:Not reasonable

[Lobster Quadrille (965591)]

It's off topic, but please tell me more about your IT infrastructure. I promise to to do anything bad with it.

I am constantly amazed at how willing people are to tell you how to attack their own systems, particularly on Slashdot, where simply implying somebody is doing poorly will practically get you full description, network maps, and vulnerability reports.

Similarly, I was talking to a friend in the Army the other day about IT security, and he told me that he didn't think I could attack his unit's systems, then went into a long discussion about what protections are in place. Out of curiosity, I decided to find out what I could learn. He only clammed up when I started probing for specifics about password policies on a particular device.

People: please don't tell anybody about your IT configuration. At least not on a public forum like /. Admittedly, a lot of it is easy to find out other ways, but that's no reason to give that information out.

a survey

[Joe the Lesser (533425)]

Yea, and I'm training to be a cage fighter.

More like 88% of IT Admins like to say they would steal CEO passwords if laid off, but something tells me when the time came to break the law they would let the opportunity slide.

Re:a survey

[BobMcD (601576)]

...but something tells me when the time came to break the law they would let the opportunity slide.

And they'd be wise to do so. Anyone who thinks that stealing such things once laid off is a bright idea just does not have a criminal mind.

Think it through, fellas - what, exactly, do you plan to DO with this data?

Do you intend on working in your field, ever again?

How do you feel about seeing the inside of a federal prison??

Seriously, lay off the power trip. It's just a fucking job. Don't screw up your ENTIRE life just because you have the password...

Re:a survey

[ivanmarsh (634711)]

Uh... as the admin what need do I have for the CEO's password? I have more access to the network than he does.

I'd have to agree this whole article sounds like BS to me.

In other news...

[steveo777 (183629)]

12% of all admins were laid off today in order to clear up resources for paying ransom on old passwords...

New Poll

[Mishra100 (841814)]

88% of IT Admins Would Steal Anything to get Laid

And Cyber Ark are selling?

[Colin Smith (2679)]

Let me guess...

 

Re:And Cyber Ark are selling?

[nine-times (778537)]

In related news, IT admins have done a survey of security firms and have found that 95% of them will provide you with useless and even harmful advice and services if it will make them any money.

Figures Seem Inflated

[dthrall (894750)]

I'm actually surprised at this claim. It would be nice if they posted some additional info, like their sample size, etc. Sorry, I just seriously can't believe that 9 out of 10 people would maliciously act in this manner. Snooping over the network out of curiosity, I'll buy that one.

But...

[lucky130 (267588)]

How many of them are just saying that to sound cool?

Strong morals?

[FliesLikeABrick (943848)]

What ever happened to sysadmins being known for having strong/good morals and ethics?

Betray the betrayer?

[knarfling (735361)]

When someone is laid of for no apparent reason, they often feel hurt and betrayed. A natural reaction is that the trust between them has already been destroyed.

At one company I was with, a sysadmin was on a conference call, and had his hands full when the call ended. The CEO never hung up the phone, and started talking to his assistant about people loosing their jobs and how much severance would be paid. The sysadmin, who probably should have hung up when he was first able to, couldn't resist listening for a short time. After a couple of minutes, the CEO finally realized that his phone was still on, and hung up the line. By that time, the sysadmin knew that several people would be laid off soon, but not how soon, or which people.

He informed a couple of his friends that the company was in worse shape than he had realized, and discretely began updating his resume. Within a month, the company was bought out and closed down by another company and everyone lost their jobs. He was asked to stay on as part of the transition team and that the new company would pay him, but after a couple of days, it was clear that he had been working for free and the new company was not going to honor the agreement.

At that time, he still had sysadmin access, and began to look through emails of the former employees. Some, including the CEO, were still getting and sending emails through web access through the old company server. He learned that although the board of directors did not want to spend the money to make sure that the fired employees could still have health insurance for a couple of months, they were willing to give the former CEO $25,000 for his efforts.

I have always said that a good sysadmin knows all the secrets of a company, but a great sysadmin knows when not to look. In this case, was the sysadmin justified in looking after he had been promised to be paid and then told he was not being paid? (Yes, his access should have been cut off, but he was the one who would have had to cut himself off and he was never told to do so.)

Although this situation may be unique, I think that many sysadmins may feel the same way. Once they are betrayed, they no longer feel the need to stay loyal to those that betray them.

Survey is Pants

[Fox_1 (128616)]

nothing to see here:

"According to identity management firm Cyber-Ark's annual 'Trust, Security & Passwords'"

Making the IT folk out to be bogeymen is great business for security pros. I'm sure there are some idiots out there, but most IT people are normal honest people like anybody in any other profession. I don't buy that we are so far off the curve, 81% is bullcrap and makes me question everything about that company and it's motivations and methods for the survey.

Nothing to see here

[Arc the Daft (1340487)]

A firm selling data security products claims that people with access to sensitive information can't be trusted. News at 10.

Post here if you're a minority as well

[Rob Kaper (5960)]

I haven't, I wouldn't. At best you encounter some of those things during ordinary work or even unproductive boredom.. but I totally see no value in having such details of a place you no longer work.

(Of course here in Europe there's a due notice so you have plenty of paid time to find a new job, but still..)

Maybe I'm just daft or weak?

Let me guess

[Kjella (173770)]

....you take a survey saying something like "Have you in your work had access to..." or "Have you known company information after leaving..." which you often have then tweak it into "IT admins spy on you and will steal your IP" in order to make FUD and sell your product? I think I know enough people in the IT business to tell that these numbers are horribly off.

The other 22%...

[AioKits (1235070)]

It could be just me, but I honestly don't care enough about what other employees or coworkers are doing to bother sneaking about their crap. If it's anything like their desktops, I'm probably going to see hundreds of cute kitten photos, pictures of family and a bunch of music hidden under folders named things like, "NotMP3s".

When I was an admin (short stint so I could pay bills, 3 years) I usually didn't give a rat's ass about what the users stored on their system unless it showed up in my virus scan reports or I was told to investigate someone due to "suspicious behavior". (BTW folks, before you get off on the 'evil spying on users' tangent for me, it was only twice and it was two girls working in tandem selling info to another company on how much certain people were paid.) I never could understand the whole "I have the power!" attitude some people showed when it came to passwords or how they'd screw the company if they were laid off. If I felt I was unfairly fired or downsize or funsized, whatever, that's what my lawyer is for (he works for cheap cause I fix his laptop, heh). Why complicate issues by fudging with the network access?

Maybe I'm just too young to understand yet. Now if you'll excuse me, I have to play with my army men, we're planning an attack on the tan army on the coffee table and I gotta move equipment for em.

Re:The other 22%...

[CFTM (513264)]

As a system admin who has access to ten years of email at an institutional finance firm, I can tell you that I have absolutely no desire to go through these records; sure there would be juicy tidbits about office relationships, hot stocks, whose getting what promotion etc but your integrity is way too valuable for any such tomfoolery. Moreover, my experience is that my coworkers have pretty much all been of like-mind. There's just no upside to doing any of the things listed in this article; it most certainly will not get your job back nor will it help you get another job and as has been said before it will get you put in jail.

And, as was said earlier, it's so shocking to find a company that does security consulting say that the weakest link in your security chain is your people, I mean who would of thunk it? Oh wait, Michael Milken did way back in the 80's and I'm sure someone else did it before him...

88% of IT Admins Are Stupid

[Just Some Guy (3352)]

If I'm ever show to the door, I would insist on my ability to operate on the system being terminated at that moment. I don't want VPN access. I don't want an email account. I don't want SSH keys. I sure don't want the boss's password. Why? Because I don't want to be accountable for anything that goes wrong afterward.

Think about it, people. If the IDS catches you SSHing in a couple of weeks after you've left, then they have carte blanche to hold you responsible for whatever breaks, even if it's totally unrelated. Good luck convincing a jury that Oracle coincidentally just happened to explode an hour after you logged into your old workstation. Seriously, what good can possibly come from putting yourself in that situation?

Re:This is silly.

[spun (1352)]

Better go the pre-emptive way: make offside backups before the shit hits the fan.

Bad idea. You'd get a 5 yard penalty on the play.