14 DAY TRIAL // A survey commissioned by Infosecurity Europe has revealed that 37 percent of the questioned employees would consider handing over business records to third-parties for the right incentive. This comes to strengthen the claim that insider threats are on the rise, which has also been amongst the conclusions outlined in other recent reports.
This study was performed with the help of London commuters. Over 85 percent of the people participating to the survey considered that the information they could obtain from work was valuable. It was revealed that 83 percent had access to customer databases, while 51 percent to human resource databases, information generally targeted by spammers and identity thieves.
But companies don't only risk damaging their public image and losing customers in case of a data leak incident of this sort, but are also exposed to corporate espionage, as 72 percent of workers had access to business plans, 53 percent to accounting systems, and 37 percent to administrative passwords for the IT systems.
While it's comforting to see that almost two thirds of employees would not be willing to become insider spies for less than £1 million, which is a rather high and improbable sum of money for a bribe, the remaining ones still represent a significant threat.
Therefore, 10 percent of workers would turn against their employer if their mortgage was paid off and 5 percent would agree to such actions if their credit card debt was dealt with. Offering a holiday would corrupt 5 percent of employees with access to sensitive data, while another 5 percent would do it in exchange for a better job.
The increase in the number of people who would accept being bribed is likely caused by the global economic turmoil. Over half of the respondents said that they were more afraid of losing their jobs this year than in 2008.
What's also worrying is that two thirds of the questioned employees believed that it was easy to remove sensitive company data without being detected. "You can't count on people's honesty to protect the assets of company, it's down to an organisation to take steps to ensure their most valuable assets are locked down and protected, especially confidential customer data," Tamar Beck, group event director of Infosecurity Europe, commented for SC Magazine.
"Criminals are very adept at finding the vulnerable workers who can be tempted into betraying their employers, therefore, organisations should ensure that they have trained their people to protect sensitive information and have adequate technology and processes in place to help them enforce security policies that comply with current regulation and legislation," Mr. Beck also advised.