Insider threats continue to remain a high risk for today's companies, and a recent study by SailPoint proves exactly why management doesn't trust their own personnel.
SailPoint, a Texas-based identity and access management firm, has surveyed 1,000 workers in private companies in the US, the UK, France, Germany, Austria, and the Netherlands. This is the second year in a row SailPoint conducted the study, and all numbers were up, compared to last year.
The answers these survey takers provided revealed that, globally, one in five employees would be willing to sell his corporate passwords for the right price, up from last year's number which was one in seven.
Many employees would sell corporate passwords for dirt cheap prices
Worrying is the fact that some employees wouldn't even bother negotiating a good price, 44% of the 20% (that said it was willing to sell their passwords) wouldn't even ask for more than $1,000 (€900).
And to propagate the damage even further, about 65% of all respondents said they reuse corporate passwords among multiple work-related apps, meaning that one leaked/sold passwords could cause damage in multiple departments of a business's activity.
But workers wouldn't even need to sell their own passwords, because 32% said they share their corporate passwords with other co-workers, so a rogue employee could very easily sell someone else' password and avoid getting incriminated in case of a data breach.
More ironically is that SailPoint also asked employees about data breaches that involved their own information. As you'd expect, people didn't like it when their data was leaked.
85% of employees said they would react very negatively if their personal information was breached by another company, while 84% said they were concerned about sensitive data being shared about them.
70% of works upload data to the cloud so they could access it at home
But the study's disturbing findings don't end here, though, SailPoint also revealing that 42% of the queried employees admitted to using corporate credentials after they have left a previous job to access the former employer's network.
Even worse, while in their current jobs, 33% of all employees admitted to purchasing and then using (for work) SaaS solutions without the IT staff's knowledge or approval. 70% of these employees also admitted to uploading corporate data in cloud services, so they could access it outside work.
There you have it. Now you know why corporate execs rank their own employees as the most dangerous factor when it comes to data breaches.