Analytics
11/23/2009
06:17 PM
50%
50%

Employees Willing To Steal Data; Companies On The Alert

Separate studies offer a scary glimpse into the minds of employees, management

Employees know it's illegal to steal company data, but they're prepared to do it anyway. Companies know their employees are a chief threat to their data, but most aren't doing much about it.

These are the takeaways from two separate studies published today by security vendors Cyber-Ark and Actimize. Taken together, the studies paint a sobering picture of the state of trust and security within the corporate walls.

In its study, Cyber-Ark surveyed some 600 workers in the financial districts of New York and London and found that most workers are not shy about taking work home -- and keeping it for their own use.

Eighty-five percent of the respondents to the Cyber-Ark survey said they know it is illegal to download company data for personal use, but 41 percent said they already have taken sensitive data with them to a new position. About a third of respondents said they would share sensitive information with friends or family in order to help them land a job.

Almost half of the respondents (48 percent) admitted if they were fired tomorrow they would take company information with them, Cyber-Ark says. Thirty-nine percent of people would download company/competitive information if they got wind that their job were at risk. A quarter of workers said the recession has made them feel less loyal toward their employers.

Of those who plan to take competitive or sensitive corporate data, 64 percent said they would do so "just in case" the data might prove useful or advantageous in the future. Twenty-seven percent said they would use the data to negotiate their new position, while 20 percent plan to use it as a tool in their new job.

Customer and contact lists were the top priority for employees to steal, registering 29 percent of the respondents. Plans and proposals were next (18 percent), with product information bringing up the rear (11 percent). Thirteen percent of savvy thieves said they would take access and password codes so they could get into the network once they've left the company and continue downloading information and accessing data.

According to the second study, which was compiled by security vendor Actimize, most companies know about the threat from employess and are worried about it.

Eighty-two percent of those surveyed, approximately a quarter more than in 2007, see the threat of employee fraud growing, and 78 percent see the employee fraud problem increasing due to the slower economy.

The Actimize study, which was conducted by third-party firm Infosurv, found more than 69 percent of respondents view full-time employees as the highest risk segment -- seven to 14 times more risky than part-time, offshore, outsourced, or temporary employees.

The respondents to the Actimize survey, who all came from the financial services industry, are increasingly alarmed with employee sabotage, Actimize said. Seventy-two percent of respondents stated they are moderately to extremely concerned that laid-off or disgruntled employees will plant malicious software scripts or destroy company property.

Eighty-four percent of the financial respondents said the industry is likely to experience a rogue trading loss of more than $100 million in the next 12 months, as it did last year at Societe Generale.

While fears of insider threat run high, however, many companies appear to be at a loss as to what to do about it. Sixty-seven percent of those surveyed think a half or less of employee fraud cases are actually caught. When ranking top ways they uncover employee fraud, 34 percent admitted they discovered the fraud "accidentally."

More than three-quarters of respondents said the nature of employee fraud is becoming more sophisticated, yet less than 30 percent use the latest generation of tools to protect against employee fraud, Actimize said. This is actually a significant improvement from 2007, when only 8 percent used the latest generation of technologies to combat employee fraud.

Fifty-eight percent of respondents rated the financial industry's ability to detect employee fraud as "poor" or "somewhat acceptable," which is also a noticeable improvement from 2007.

"As the research shows, regardless of the direction the economy takes in the near future, financial institutions are expected to be increasingly concerned about the threat of criminal employee behavior," said Paul Henninger, head of the financial crimes product group at Actimize. "Luckily, there is evidence that the industry is improving its ability to investigate and catch employee fraud."

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message. Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Flash Poll
Threat Intel Today
Threat Intel Today
The 397 respondents to our new survey buy into using intel to stay ahead of attackers: 85% say threat intelligence plays some role in their IT security strategies, and many of them subscribe to two or more third-party feeds; 10% leverage five or more.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3407
Published: 2014-11-27
The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(.2) and earlier does not properly allocate memory blocks during HTTP packet handling, which allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCuq68888.

CVE-2014-4829
Published: 2014-11-27
Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allows remote attackers to hijack the authentication of arbitrary users for requests tha...

CVE-2014-4831
Published: 2014-11-27
IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allow remote attackers to hijack sessions via unspecified vectors.

CVE-2014-4832
Published: 2014-11-27
IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allow remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session.

CVE-2014-4883
Published: 2014-11-27
resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in lwIP 1.4.1 and earlier, does not use random values for ID fields and source ports of DNS query packets, which makes it easier for man-in-the-middle attackers to conduct cache-poisoning attacks via spoofed reply packets.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?