Analytics
11/23/2009
06:17 PM
50%
50%

Employees Willing To Steal Data; Companies On The Alert

Separate studies offer a scary glimpse into the minds of employees, management

Employees know it's illegal to steal company data, but they're prepared to do it anyway. Companies know their employees are a chief threat to their data, but most aren't doing much about it.

These are the takeaways from two separate studies published today by security vendors Cyber-Ark and Actimize. Taken together, the studies paint a sobering picture of the state of trust and security within the corporate walls.

In its study, Cyber-Ark surveyed some 600 workers in the financial districts of New York and London and found that most workers are not shy about taking work home -- and keeping it for their own use.

Eighty-five percent of the respondents to the Cyber-Ark survey said they know it is illegal to download company data for personal use, but 41 percent said they already have taken sensitive data with them to a new position. About a third of respondents said they would share sensitive information with friends or family in order to help them land a job.

Almost half of the respondents (48 percent) admitted if they were fired tomorrow they would take company information with them, Cyber-Ark says. Thirty-nine percent of people would download company/competitive information if they got wind that their job were at risk. A quarter of workers said the recession has made them feel less loyal toward their employers.

Of those who plan to take competitive or sensitive corporate data, 64 percent said they would do so "just in case" the data might prove useful or advantageous in the future. Twenty-seven percent said they would use the data to negotiate their new position, while 20 percent plan to use it as a tool in their new job.

Customer and contact lists were the top priority for employees to steal, registering 29 percent of the respondents. Plans and proposals were next (18 percent), with product information bringing up the rear (11 percent). Thirteen percent of savvy thieves said they would take access and password codes so they could get into the network once they've left the company and continue downloading information and accessing data.

According to the second study, which was compiled by security vendor Actimize, most companies know about the threat from employess and are worried about it.

Eighty-two percent of those surveyed, approximately a quarter more than in 2007, see the threat of employee fraud growing, and 78 percent see the employee fraud problem increasing due to the slower economy.

The Actimize study, which was conducted by third-party firm Infosurv, found more than 69 percent of respondents view full-time employees as the highest risk segment -- seven to 14 times more risky than part-time, offshore, outsourced, or temporary employees.

The respondents to the Actimize survey, who all came from the financial services industry, are increasingly alarmed with employee sabotage, Actimize said. Seventy-two percent of respondents stated they are moderately to extremely concerned that laid-off or disgruntled employees will plant malicious software scripts or destroy company property.

Eighty-four percent of the financial respondents said the industry is likely to experience a rogue trading loss of more than $100 million in the next 12 months, as it did last year at Societe Generale.

While fears of insider threat run high, however, many companies appear to be at a loss as to what to do about it. Sixty-seven percent of those surveyed think a half or less of employee fraud cases are actually caught. When ranking top ways they uncover employee fraud, 34 percent admitted they discovered the fraud "accidentally."

More than three-quarters of respondents said the nature of employee fraud is becoming more sophisticated, yet less than 30 percent use the latest generation of tools to protect against employee fraud, Actimize said. This is actually a significant improvement from 2007, when only 8 percent used the latest generation of technologies to combat employee fraud.

Fifty-eight percent of respondents rated the financial industry's ability to detect employee fraud as "poor" or "somewhat acceptable," which is also a noticeable improvement from 2007.

"As the research shows, regardless of the direction the economy takes in the near future, financial institutions are expected to be increasingly concerned about the threat of criminal employee behavior," said Paul Henninger, head of the financial crimes product group at Actimize. "Luckily, there is evidence that the industry is improving its ability to investigate and catch employee fraud."

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message. Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Threat Intel Today
Threat Intel Today
The 397 respondents to our new survey buy into using intel to stay ahead of attackers: 85% say threat intelligence plays some role in their IT security strategies, and many of them subscribe to two or more third-party feeds; 10% leverage five or more.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-2849
Published: 2015-07-07
SQL injection vulnerability in main.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices, when https is used, allows remote attackers to execute arbitrary SQL commands via the ppli parameter.

CVE-2015-2850
Published: 2015-07-07
Cross-site scripting (XSS) vulnerability in index-login.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices allows remote attackers to inject arbitrary web script or HTML via the msg parameter.

CVE-2015-3216
Published: 2015-07-07
Race condition in a certain Red Hat patch to the PRNG lock implementation in the ssleay_rand_bytes function in OpenSSL, as distributed in openssl-1.0.1e-25.el7 in Red Hat Enterprise Linux (RHEL) 7 and other products, allows remote attackers to cause a denial of service (application crash) by establi...

CVE-2014-3653
Published: 2015-07-06
Cross-site scripting (XSS) vulnerability in the template preview function in Foreman before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted provisioning template.

CVE-2014-5406
Published: 2015-07-06
The Hospira LifeCare PCA Infusion System before 7.0 does not validate network traffic associated with sending a (1) drug library, (2) software update, or (3) configuration change, which allows remote attackers to modify settings or medication data via packets on the (a) TELNET, (b) HTTP, (c) HTTPS, ...

Dark Reading Radio
Archived Dark Reading Radio
Marc Spitler, co-author of the Verizon DBIR will share some of the lesser-known but most intriguing tidbits from the massive report