Sell my company's data? Make me an offer
A new survey suggests that the majority of businesses believe employees would sell on confidential corporate data -- as long as the honey pot is sweet enough.
Research conducted by Loudhouse, the 2013 Market Pulse Survey, collected the opinions of 400 IT executives across the United States and United Kingdom in companies with over 5,000 employees. The study found that not only are businesses struggling to secure their data in the world of bring-your-own-device (BYOD) and cloud computing, but also that 45 percent think staff would happily lift documents and sell it on for the right price.
According to the study (.pdf), insider threats are just as much of a worry as cyberattacks from external sources. Nearly half of IT executives -- 46 percent -- said they did not believe their company have effective internal controls over user access privileges, and the same proportion lack confidence in their ability to grant and revoke access when an employee joins or leaves an organisation.
Over half of respondents admitted their employees have read or seen company documents they should not have had access to. In addition, over half of firms have experienced a former employee trying to access corporate systems after leaving the company.
Internal access management has also been negatively impacted by new trends including cloud computing and BYOD schemes. Security issues that already exist are exacerbated, and compliance problems have created new challenges for IT departments. While these new technologies can improve a businesses' flexibility and freedom, it also means that complex systems and a large number of new access points to networks generated by BYOD devices can create a never-ending headache for security teams.
Over half of companies -- 53 percent -- have suffered a security failure, and 51 percent admit that it is "just a matter of time" before another data breach occurs. Within the survey, respondents said that critical issues contributing to security problems were an inability to get the whole picture across all systems (45 percent), over-reliance on IT support (43 percent) and an inability to manage new technologies (40 percent).
In addition, while 82 percent of companies allow employees to use their own devices, only 41 percent automatically remove mission-critical data from a device when an employee leaves -- and six percent admitted data is left on the gadgets.
The core problem is not just a lack of trust in staff, but a lack of confidence in IT systems. The research says that it is an "overall failure to fully manage identity and access" in corporate networks. In a statement, commissioner of the study Jackie Gilbert, founder of SailPoint said:
"Many organizations are struggling to manage 'who has access to what?' across the enterprise. And as our survey indicates, the growing adoption of cloud and mobile technologies is making the problem significantly worse. It's pretty clear that if you're not proactively managing cloud and mobile access today, you're at increased risk of fraud, data theft, and security breaches."