For the right price, employees would sell company data, says new study

Share this article:

Security professionals aren't confident in the access management tools they have in place, and they believe employees would sell sensitive company data if given the right price, a recent study found.

The “2013 Market Pulse Survey,” a report conducted by research firm Loudhouse and commissioned by SailPoint, an Austin, Texas-based identity management company, reveals some troublesome statistics regarding identity and access management (IAM) gathered from the 400 IT professionals surveyed.

According to the study, when asked about the level of confidence in the ability to either “grant or revoke” employee access to company applications or data, 46 percent of respondents were doubtful in the internal controls currently in place at their respective organizations. The same number of respondents stated that they could not prove the efficiency of those controls.

Additionally, more than half (54 percent) said that their organization has experienced an incident where a terminated employee attempted to access company applications or data after they left. This is an alarming statistic considering that 45 percent of those surveyed believe that employees would sell sensitive company data if they were offered the right price.

In an email to SCMagazine.com, Jackie Gilbert, CMO and founder at SailPoint, said that these statistics highlight the “moral grey area” when it comes to ownership of the data.

“Many employees don't view data theft as a crime,” Gilbert said. “It's fairly common for terminated workers to take data, such as customer contacts or product plans, with them when they leave a job. Adding to that, there are actually now readily available outlets to sell personal data on the internet black market.”

As enterprises continue to grapple with the level of oversight needed as cloud and mobile technologies ramp up, the survey indicates that professionals feel that security incidents are looming. Over half of respondents admitted accessing company data they shouldn't have access to, and 51 percent believe that "it's only a matter of time" before a breach occurs.

“If companies are not carefully monitoring and managing access by insiders, they are likely exposing themselves to very real risk,” Gilbert said.
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

CryptoWall surpasses CryptoLocker in infection rates

CryptoWall surpasses CryptoLocker in infection rates

A threat analysis from Dell SecureWorks CTU says that CryptoWall has picked up where its famous sibling left off.

Professor says Google search, not hacking, yielded medical info

Professor says Google search, not hacking, yielded medical ...

A professor of ethical hacking at City College San Francisco came forward to clarify that he did not demonstrate hacking a medical center's server in a class.

Syrian Malware Team makes use of enhanced BlackWorm RAT

Syrian Malware Team makes use of enhanced BlackWorm ...

FireEye analyzed the hacking group's use of the malware, dubbed the "Dark Edition" of BlackWorm.