Vulnerabilities / Threats
2/7/2013
05:32 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%
Repost This

Ex-Employees Say It's OK To Take Corporate Data With Them

New Symantec survey finds nearly 70 percent of employees who recently left or were fired from their job say their organizations don't prevent them from using confidential info

They can and will take it with them: Half of employees say they took corporate data with them when they left their jobs or were fired, and 40 percent plan to use that data in their new positions at other organizations, according to a new report.

The Ponemon Institute, commissioned by Symantec, surveyed more than 3,300 people in the U.S., U.K., France, Brazil, China, and Korea to study intellectual property theft and abuse by employees.

Sixty-two percent don't think this practice is wrong, either: They say it's OK to take corporate data with them via their PCs, tablets, smartphones, or cloud file-sharing applications. Some 56 percent say using this information from their old employers is not a crime. They consider the person who created the intellectual property as its owner: Forty-four percent say a software developer who wrote source code for his company is part owner of that work, and 42 percent say it's no crime to reuse that source code at other companies.

But the real problem appears to be within many organizations that don't prioritize data protection and policies: Thirty-eight percent of the respondents say their managers consider data protection a business priority, while more than half say taking corporate data is legitimate because their organizations don't enforce any policies against it.

"Companies cannot focus their defenses solely on external attackers and malicious insiders who plan to sell stolen IP for monetary gain. The everyday employee, who takes confidential corporate data without a second thought because he doesn’t understand it’s wrong, can be just as damaging to an organization," said Lawrence Bruhmuller, vice president of engineering and product management at Symantec.

The full report, "What’s Yours Is Mine: How Employees are Putting Your Intellectual Property at Risk," is available here for download.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Kelly Jackson Higgins is Senior Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise Magazine, ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
PJS880
50%
50%
PJS880,
User Rank: Apprentice
2/15/2013 | 6:23:03 PM
re: Ex-Employees Say It's OK To Take Corporate Data With Them




Correct me if I am
wrong but isnGÇÖt the leading threat for companies information security current
and former employees? -áI believe the lack
of knowledge that employees have regarding this policy is probably the leading
reason for the high percentages. I blame both the employer and employee. I
blame the employer for not properly training their employees that this is not a
practice they partake in and refer to the company policy. As far as employees
it is their responsibility to keep up to date with changes regarding their behaviors
in the office and what they are allowed and not allowed to do with their intellectual
property.

Paul Sprague

InformationWeek Contributor


J. Nicholas Hoover
50%
50%
J. Nicholas Hoover,
User Rank: Apprentice
2/8/2013 | 7:36:36 PM
re: Ex-Employees Say It's OK To Take Corporate Data With Them
I wonder how many of those folks are actually allowed to take data with them. This sounds like a more significant problem than I thought it was.
Bryan Yurcan
50%
50%
Bryan Yurcan,
User Rank: Apprentice
2/8/2013 | 7:08:21 PM
re: Ex-Employees Say It's OK To Take Corporate Data With Them
This is one of the many factors businesses need to consider when creating their BYOD policy, if they already hadn't.-á
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-3946
Published: 2014-04-24
Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the packets, aka Bug ID CSCty73682.

CVE-2012-5723
Published: 2014-04-24
Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948.

CVE-2013-6738
Published: 2014-04-24
Cross-site scripting (XSS) vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before 1.2.0.0-CSI-SCALA-IF0003 allows remote attackers to inject arbitrary web script or HTML via an invalid query parameter in a response from an OAuth authorization endpoint.

CVE-2014-0188
Published: 2014-04-24
The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to...

CVE-2014-2391
Published: 2014-04-24
The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potent...

Best of the Web