Analytics
11/23/2009
06:17 PM
Connect Directly
RSS
E-Mail
50%
50%

Employees Willing To Steal Data; Companies On The Alert

Separate studies offer a scary glimpse into the minds of employees, management

Employees know it's illegal to steal company data, but they're prepared to do it anyway. Companies know their employees are a chief threat to their data, but most aren't doing much about it.

These are the takeaways from two separate studies published today by security vendors Cyber-Ark and Actimize. Taken together, the studies paint a sobering picture of the state of trust and security within the corporate walls.

In its study, Cyber-Ark surveyed some 600 workers in the financial districts of New York and London and found that most workers are not shy about taking work home -- and keeping it for their own use.

Eighty-five percent of the respondents to the Cyber-Ark survey said they know it is illegal to download company data for personal use, but 41 percent said they already have taken sensitive data with them to a new position. About a third of respondents said they would share sensitive information with friends or family in order to help them land a job.

Almost half of the respondents (48 percent) admitted if they were fired tomorrow they would take company information with them, Cyber-Ark says. Thirty-nine percent of people would download company/competitive information if they got wind that their job were at risk. A quarter of workers said the recession has made them feel less loyal toward their employers.

Of those who plan to take competitive or sensitive corporate data, 64 percent said they would do so "just in case" the data might prove useful or advantageous in the future. Twenty-seven percent said they would use the data to negotiate their new position, while 20 percent plan to use it as a tool in their new job.

Customer and contact lists were the top priority for employees to steal, registering 29 percent of the respondents. Plans and proposals were next (18 percent), with product information bringing up the rear (11 percent). Thirteen percent of savvy thieves said they would take access and password codes so they could get into the network once they've left the company and continue downloading information and accessing data.

According to the second study, which was compiled by security vendor Actimize, most companies know about the threat from employess and are worried about it.

Eighty-two percent of those surveyed, approximately a quarter more than in 2007, see the threat of employee fraud growing, and 78 percent see the employee fraud problem increasing due to the slower economy.

The Actimize study, which was conducted by third-party firm Infosurv, found more than 69 percent of respondents view full-time employees as the highest risk segment -- seven to 14 times more risky than part-time, offshore, outsourced, or temporary employees.

The respondents to the Actimize survey, who all came from the financial services industry, are increasingly alarmed with employee sabotage, Actimize said. Seventy-two percent of respondents stated they are moderately to extremely concerned that laid-off or disgruntled employees will plant malicious software scripts or destroy company property.

Eighty-four percent of the financial respondents said the industry is likely to experience a rogue trading loss of more than $100 million in the next 12 months, as it did last year at Societe Generale.

While fears of insider threat run high, however, many companies appear to be at a loss as to what to do about it. Sixty-seven percent of those surveyed think a half or less of employee fraud cases are actually caught. When ranking top ways they uncover employee fraud, 34 percent admitted they discovered the fraud "accidentally."

More than three-quarters of respondents said the nature of employee fraud is becoming more sophisticated, yet less than 30 percent use the latest generation of tools to protect against employee fraud, Actimize said. This is actually a significant improvement from 2007, when only 8 percent used the latest generation of technologies to combat employee fraud.

Fifty-eight percent of respondents rated the financial industry's ability to detect employee fraud as "poor" or "somewhat acceptable," which is also a noticeable improvement from 2007.

"As the research shows, regardless of the direction the economy takes in the near future, financial institutions are expected to be increasingly concerned about the threat of criminal employee behavior," said Paul Henninger, head of the financial crimes product group at Actimize. "Luckily, there is evidence that the industry is improving its ability to investigate and catch employee fraud."

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message. Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7392
Published: 2014-07-22
Gitlist allows remote attackers to execute arbitrary commands via shell metacharacters in a file name to Source/.

CVE-2014-2385
Published: 2014-07-22
Multiple cross-site scripting (XSS) vulnerabilities in the web UI in Sophos Anti-Virus for Linux before 9.6.1 allow local users to inject arbitrary web script or HTML via the (1) newListList:ExcludeFileOnExpression, (2) newListList:ExcludeFilesystems, or (3) newListList:ExcludeMountPaths parameter t...

CVE-2014-3518
Published: 2014-07-22
jmx-remoting.sar in JBoss Remoting, as used in Red Hat JBoss Enterprise Application Platform (JEAP) 5.2.0, Red Hat JBoss BRMS 5.3.1, Red Hat JBoss Portal Platform 5.2.2, and Red Hat JBoss SOA Platform 5.3.1, does not properly implement the JSR 160 specification, which allows remote attackers to exec...

CVE-2014-3530
Published: 2014-07-22
The org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory method in PicketLink, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 5.2.0 and 6.2.4, expands entity references, which allows remote attackers to read arbitrary code and possibly have other unspecified impact via...

CVE-2014-4326
Published: 2014-07-22
Elasticsearch Logstash 1.0.14 through 1.4.x before 1.4.2 allows remote attackers to execute arbitrary commands via a crafted event in (1) zabbix.rb or (2) nagios_nsca.rb in outputs/.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Where do information security startups come from? More important, how can I tell a good one from a flash in the pan? Learn how to separate ITSec wheat from chaff in this episode.