Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

2/7/2013
05:32 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Ex-Employees Say It's OK To Take Corporate Data With Them

New Symantec survey finds nearly 70 percent of employees who recently left or were fired from their job say their organizations don't prevent them from using confidential info

They can and will take it with them: Half of employees say they took corporate data with them when they left their jobs or were fired, and 40 percent plan to use that data in their new positions at other organizations, according to a new report.

The Ponemon Institute, commissioned by Symantec, surveyed more than 3,300 people in the U.S., U.K., France, Brazil, China, and Korea to study intellectual property theft and abuse by employees.

Sixty-two percent don't think this practice is wrong, either: They say it's OK to take corporate data with them via their PCs, tablets, smartphones, or cloud file-sharing applications. Some 56 percent say using this information from their old employers is not a crime. They consider the person who created the intellectual property as its owner: Forty-four percent say a software developer who wrote source code for his company is part owner of that work, and 42 percent say it's no crime to reuse that source code at other companies.

But the real problem appears to be within many organizations that don't prioritize data protection and policies: Thirty-eight percent of the respondents say their managers consider data protection a business priority, while more than half say taking corporate data is legitimate because their organizations don't enforce any policies against it.

"Companies cannot focus their defenses solely on external attackers and malicious insiders who plan to sell stolen IP for monetary gain. The everyday employee, who takes confidential corporate data without a second thought because he doesn’t understand it’s wrong, can be just as damaging to an organization," said Lawrence Bruhmuller, vice president of engineering and product management at Symantec.

The full report, "What’s Yours Is Mine: How Employees are Putting Your Intellectual Property at Risk," is available here for download.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
PJS880
50%
50%
PJS880,
User Rank: Ninja
2/15/2013 | 6:23:03 PM
re: Ex-Employees Say It's OK To Take Corporate Data With Them




Correct me if I am
wrong but isnGt the leading threat for companies information security current
and former employees? -I believe the lack
of knowledge that employees have regarding this policy is probably the leading
reason for the high percentages. I blame both the employer and employee. I
blame the employer for not properly training their employees that this is not a
practice they partake in and refer to the company policy. As far as employees
it is their responsibility to keep up to date with changes regarding their behaviors
in the office and what they are allowed and not allowed to do with their intellectual
property.

Paul Sprague

InformationWeek Contributor
-

J. Nicholas Hoover
50%
50%
J. Nicholas Hoover,
User Rank: Apprentice
2/8/2013 | 7:36:36 PM
re: Ex-Employees Say It's OK To Take Corporate Data With Them
I wonder how many of those folks are actually allowed to take data with them. This sounds like a more significant problem than I thought it was.
Bryan Yurcan
50%
50%
Bryan Yurcan,
User Rank: Apprentice
2/8/2013 | 7:08:21 PM
re: Ex-Employees Say It's OK To Take Corporate Data With Them
This is one of the many factors businesses need to consider when creating their BYOD policy, if they already hadn't.-
Where Businesses Waste Endpoint Security Budgets
Kelly Sheridan, Staff Editor, Dark Reading,  7/15/2019
US Mayors Commit to Just Saying No to Ransomware
Robert Lemos, Contributing Writer,  7/16/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-17210
PUBLISHED: 2019-07-20
An issue was discovered in PrinterOn Central Print Services (CPS) through 4.1.4. The core components that create and launch a print job do not perform complete verification of the session cookie that is supplied to them. As a result, an attacker with guest/pseudo-guest level permissions can bypass t...
CVE-2019-12934
PUBLISHED: 2019-07-20
An issue was discovered in the wp-code-highlightjs plugin through 0.6.2 for WordPress. wp-admin/options-general.php?page=wp-code-highlight-js allows CSRF, as demonstrated by an XSS payload in the hljs_additional_css parameter.
CVE-2019-9229
PUBLISHED: 2019-07-20
An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.251. An internal interface exposed to the link-local address 169.254.254.253 allows attackers in the local network to access multiple quagga VTYs. Attackers can...
CVE-2019-12815
PUBLISHED: 2019-07-19
An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306.
CVE-2019-13569
PUBLISHED: 2019-07-19
A SQL injection vulnerability exists in the Icegram Email Subscribers & Newsletters plugin through 4.1.7 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system.