One in three workers would steal data
Unscrupulous IT workers are more likely than ever to steal company data if they thought it would benefit them, an employee survey has revealed.
An alarming number of people would consider stealing sensitive data from their employer if it suited their own ends, and the figure is rising, new research has found.
One in three employees canvassed by information security company Cyber-Ark said they had used their employee permissions to access privileged corporate information such as HR records and customer databases without authorisation.
Worryingly from a security point of view, fully three quarters of those questioned in the US and UK claimed they could bypass the controls their companies had put in place to protect such information.
In both cases, the figures represent a rise over last year, despite increased media awareness on the subject after a sharp rise in data breaches.
But perhaps more interestingly than the headline figures was the sharp increase in respondents saying they would consider taking company information with them if they were fired clearly a result of increased pressure in the job market thanks to the global economic downturn.
Six times as many employees as last year said they would take financial reports or merger and acquisition plans with them and four times as many said they would nab chief executive's passwords and development plans.
One in five companies reported having been victims of insider sabotage, and of those, 36 per cent believed rival firms had benefited.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
"This survey shows that while most employees claim that access to privileged accounts is currently monitored and an overwhelming majority support additional monitoring practices, employee snooping on sensitive information continues unabated," said Cyber-Ark chief executive Udi Mokady, commenting on the survey results.
"Businesses must wake up and realize that trust is not a security policy; they have an organisational responsibility to lock down sensitive data and systems, while monitoring all activity even when legitimate access is granted," he added in a statement.
More than 400 senior IT professionals in the US and UK took part in Cyber-Ark's Trust, Security & Passwords survey, mainly from enterprise class companies.
Read on to find out what to do in case of a data breach.