theDocumentId => 1139108 Ex-Employees Say It's OK To Take Corporate Data ...

Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

2/7/2013
05:32 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Ex-Employees Say It's OK To Take Corporate Data With Them

New Symantec survey finds nearly 70 percent of employees who recently left or were fired from their job say their organizations don't prevent them from using confidential info

They can and will take it with them: Half of employees say they took corporate data with them when they left their jobs or were fired, and 40 percent plan to use that data in their new positions at other organizations, according to a new report.

The Ponemon Institute, commissioned by Symantec, surveyed more than 3,300 people in the U.S., U.K., France, Brazil, China, and Korea to study intellectual property theft and abuse by employees.

Sixty-two percent don't think this practice is wrong, either: They say it's OK to take corporate data with them via their PCs, tablets, smartphones, or cloud file-sharing applications. Some 56 percent say using this information from their old employers is not a crime. They consider the person who created the intellectual property as its owner: Forty-four percent say a software developer who wrote source code for his company is part owner of that work, and 42 percent say it's no crime to reuse that source code at other companies.

But the real problem appears to be within many organizations that don't prioritize data protection and policies: Thirty-eight percent of the respondents say their managers consider data protection a business priority, while more than half say taking corporate data is legitimate because their organizations don't enforce any policies against it.

"Companies cannot focus their defenses solely on external attackers and malicious insiders who plan to sell stolen IP for monetary gain. The everyday employee, who takes confidential corporate data without a second thought because he doesn’t understand it’s wrong, can be just as damaging to an organization," said Lawrence Bruhmuller, vice president of engineering and product management at Symantec.

The full report, "What’s Yours Is Mine: How Employees are Putting Your Intellectual Property at Risk," is available here for download.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
PJS880
50%
50%
PJS880,
User Rank: Ninja
2/15/2013 | 6:23:03 PM
re: Ex-Employees Say It's OK To Take Corporate Data With Them




Correct me if I am
wrong but isnGt the leading threat for companies information security current
and former employees? -I believe the lack
of knowledge that employees have regarding this policy is probably the leading
reason for the high percentages. I blame both the employer and employee. I
blame the employer for not properly training their employees that this is not a
practice they partake in and refer to the company policy. As far as employees
it is their responsibility to keep up to date with changes regarding their behaviors
in the office and what they are allowed and not allowed to do with their intellectual
property.

Paul Sprague

InformationWeek Contributor
-

J. Nicholas Hoover
50%
50%
J. Nicholas Hoover,
User Rank: Apprentice
2/8/2013 | 7:36:36 PM
re: Ex-Employees Say It's OK To Take Corporate Data With Them
I wonder how many of those folks are actually allowed to take data with them. This sounds like a more significant problem than I thought it was.
Bryan Yurcan
50%
50%
Bryan Yurcan,
User Rank: Apprentice
2/8/2013 | 7:08:21 PM
re: Ex-Employees Say It's OK To Take Corporate Data With Them
This is one of the many factors businesses need to consider when creating their BYOD policy, if they already hadn't.-
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-26180
PUBLISHED: 2021-07-28
Dell EMC Isilon OneFS supported versions 8.1 and later and Dell EMC PowerScale OneFS supported version 9.0.0 contain an access issue with the remotesupport user account. A remote malicious user with low privileges may gain access to data stored on the /ifs directory through most protocols.
CVE-2020-5341
PUBLISHED: 2021-07-28
Deserialization of Untrusted Data Vulnerability Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2, 19.1 and 19.2 and Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 and 2.4.1 contain a Deserialization of Untrusted Data Vulnerability. A remote unauthenticated ...
CVE-2020-5351
PUBLISHED: 2021-07-28
Dell EMC Data Protection Advisor versions 6.4, 6.5 and 18.1 contain an undocumented account with limited privileges that is protected with a hard-coded password. A remote unauthenticated malicious user with the knowledge of the hard-coded password may login to the system and gain read-only privilege...
CVE-2021-32788
PUBLISHED: 2021-07-27
Discourse is an open source discussion platform. In versions prior to 2.7.7 there are two bugs which led to the post creator of a whisper post being revealed to non-staff users. 1: Staff users that creates a whisper post in a personal message is revealed to non-staff participants of the personal mes...
CVE-2021-32796
PUBLISHED: 2021-07-27
xmldom is an open source pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module. xmldom versions 0.6.0 and older do not correctly escape special characters when serializing elements removed from their ancestor. This may lead to unexpected syntactic changes durin...