Home : Security : News

Most workers would pilfer business data

Most workers would happily take corporate data when they leave their employer, an Imperva survey finds.

By Tom Brewster, 22 Nov 2010 at 11:16

The majority of workers have plans to take data away from their companies once they resign or are given the boot, research has indicated.

Seven in 10 respondents to an Imperva survey said they would take some kind of data away with them once they left their job, with intellectual property (IP) the most likely kind of information to be swiped.

Over a quarter of respondents claimed they would most likely take IP, whilst almost 20 per cent said they would pilfer customer records.

Almost half of respondents felt they had personal ownership of corporate data.

“This survey refutes the conventional wisdom that insiders are corporate spies or revenge-seeking employees,” explained Imperva CTO Amichai Shulman.

“It seems most employees have no deliberate intention to cause the company any damage. Rather, this survey indicates that most individuals leaving their jobs suddenly believe that they had rightful ownership to that data just by virtue of their corporate tenure.”

It also appeared many firms did not have policies in place to protect their information. Over three-quarters of respondents said either their companies did not have a policy to remove collected data from employees’ laptops upon departure, or the workers were unaware of one.

IT PRO recently caught up with Shulman to discuss what he believed the security industry would look like in 2011.

He suggested one of the key trends would be a move by governments to use techniques previously employed by industrial hackers.

In particular, administrations will use more automated distribution mechanisms, Shulman said.

Email to a friend

Print this page

< Previous Security : News Next >

1 comments

You need to Login or Register to comment.

Data breaches have a real cost to organisations

Today’s research from Imperva underlines the growing problems facing organisations of all sizes in the UK as they try to contain data security.

With 70% of the respondents stating their intentions to take something with them upon leaving an employer, and more than a quarter indicating that they would take intellectual property and or customer records, the threat of sensitive data leaking from organizations is real and quantifiable.

To address these risks, it is important that companies adhere to the principle of least privilege which states that users should have as few privileges as possible, consistent with their business function – thus minimising risk of sensitive data getting in to inappropriate hands. Additionally, companies should monitor user activity in addition to rights. Knowing which employees represent more risk due to their access privileges should prompt organizations to monitor their activity as well in order to identify suspicious activity. Over-provisioned users who have more access rights than they require, represent a greater risk as can be seen by these results, particularly if they have unnecessary access to sensitive applications or data, and a risk profile that combines activity with access gives a better understanding of the potential for data loss.

Unfortunately, as the report shows, too many companies still do not have enforceable policies, let alone the technology in place to monitor access and user activity, to deal with data loss or theft.

By Ip_courion3a5e03 on Monday Nov 22

Latest Security Analysis & Insight

What is your password worth?

Would you be tempted to sell off company passwords for a fee? If not, seems like you're in the minority, acccording to research.

More Security Analysis & Insight

Latest Security Reviews

Check Point 2210 Appliance review

Rating:

Check Point's new 2200 Appliances combined enterprise level network security with an SMB price tag. Its software blades provide a wealth of features, but do they complicate deployment? Read this exclusive review to find out.

More Security Reviews