Vulnerabilities / Threats

2/7/2013
05:32 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Ex-Employees Say It's OK To Take Corporate Data With Them

New Symantec survey finds nearly 70 percent of employees who recently left or were fired from their job say their organizations don't prevent them from using confidential info

They can and will take it with them: Half of employees say they took corporate data with them when they left their jobs or were fired, and 40 percent plan to use that data in their new positions at other organizations, according to a new report.

The Ponemon Institute, commissioned by Symantec, surveyed more than 3,300 people in the U.S., U.K., France, Brazil, China, and Korea to study intellectual property theft and abuse by employees.

Sixty-two percent don't think this practice is wrong, either: They say it's OK to take corporate data with them via their PCs, tablets, smartphones, or cloud file-sharing applications. Some 56 percent say using this information from their old employers is not a crime. They consider the person who created the intellectual property as its owner: Forty-four percent say a software developer who wrote source code for his company is part owner of that work, and 42 percent say it's no crime to reuse that source code at other companies.

But the real problem appears to be within many organizations that don't prioritize data protection and policies: Thirty-eight percent of the respondents say their managers consider data protection a business priority, while more than half say taking corporate data is legitimate because their organizations don't enforce any policies against it.

"Companies cannot focus their defenses solely on external attackers and malicious insiders who plan to sell stolen IP for monetary gain. The everyday employee, who takes confidential corporate data without a second thought because he doesn’t understand it’s wrong, can be just as damaging to an organization," said Lawrence Bruhmuller, vice president of engineering and product management at Symantec.

The full report, "What’s Yours Is Mine: How Employees are Putting Your Intellectual Property at Risk," is available here for download.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
PJS880
50%
50%
PJS880,
User Rank: Ninja
2/15/2013 | 6:23:03 PM
re: Ex-Employees Say It's OK To Take Corporate Data With Them




Correct me if I am
wrong but isnGt the leading threat for companies information security current
and former employees? -I believe the lack
of knowledge that employees have regarding this policy is probably the leading
reason for the high percentages. I blame both the employer and employee. I
blame the employer for not properly training their employees that this is not a
practice they partake in and refer to the company policy. As far as employees
it is their responsibility to keep up to date with changes regarding their behaviors
in the office and what they are allowed and not allowed to do with their intellectual
property.

Paul Sprague

InformationWeek Contributor
-

J. Nicholas Hoover
50%
50%
J. Nicholas Hoover,
User Rank: Apprentice
2/8/2013 | 7:36:36 PM
re: Ex-Employees Say It's OK To Take Corporate Data With Them
I wonder how many of those folks are actually allowed to take data with them. This sounds like a more significant problem than I thought it was.
Bryan Yurcan
50%
50%
Bryan Yurcan,
User Rank: Apprentice
2/8/2013 | 7:08:21 PM
re: Ex-Employees Say It's OK To Take Corporate Data With Them
This is one of the many factors businesses need to consider when creating their BYOD policy, if they already hadn't.-
Want Your Daughter to Succeed in Cyber? Call Her John
John De Santis, CEO, HyTrust,  5/16/2018
Don't Roll the Dice When Prioritizing Vulnerability Fixes
Ericka Chickowski, Contributing Writer, Dark Reading,  5/15/2018
New Mexico Man Sentenced on DDoS, Gun Charges
Dark Reading Staff 5/18/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "Security through obscurity"
Current Issue
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-8010
PUBLISHED: 2018-05-21
This vulnerability in Apache Solr 6.0.0 to 6.6.3, 7.0.0 to 7.3.0 relates to an XML external entity expansion (XXE) in Solr config files (solrconfig.xml, schema.xml, managed-schema). In addition, Xinclude functionality provided in these config files is also affected in a similar way. The vulnerabilit...
CVE-2018-8012
PUBLISHED: 2018-05-21
No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader.
CVE-2018-1067
PUBLISHED: 2018-05-21
In Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is ...
CVE-2018-7268
PUBLISHED: 2018-05-21
MagniComp SysInfo before 10-H81, as shipped with BMC BladeLogic Automation and other products, contains an information exposure vulnerability in which a local unprivileged user is able to read any root (uid 0) owned file on the system, regardless of the file permissions. Confidential information suc...
CVE-2018-11092
PUBLISHED: 2018-05-21
An issue was discovered in the Admin Notes plugin 1.1 for MyBB. CSRF allows an attacker to remotely delete all admin notes via an admin/index.php?empty=table (aka Clear Table) action.