For the right price, employees would sell company data, says new study

Share this article:

Security professionals aren't confident in the access management tools they have in place, and they believe employees would sell sensitive company data if given the right price, a recent study found.

The “2013 Market Pulse Survey,” a report conducted by research firm Loudhouse and commissioned by SailPoint, an Austin, Texas-based identity management company, reveals some troublesome statistics regarding identity and access management (IAM) gathered from the 400 IT professionals surveyed.

According to the study, when asked about the level of confidence in the ability to either “grant or revoke” employee access to company applications or data, 46 percent of respondents were doubtful in the internal controls currently in place at their respective organizations. The same number of respondents stated that they could not prove the efficiency of those controls.

Additionally, more than half (54 percent) said that their organization has experienced an incident where a terminated employee attempted to access company applications or data after they left. This is an alarming statistic considering that 45 percent of those surveyed believe that employees would sell sensitive company data if they were offered the right price.

In an email to SCMagazine.com, Jackie Gilbert, CMO and founder at SailPoint, said that these statistics highlight the “moral grey area” when it comes to ownership of the data.

“Many employees don't view data theft as a crime,” Gilbert said. “It's fairly common for terminated workers to take data, such as customer contacts or product plans, with them when they leave a job. Adding to that, there are actually now readily available outlets to sell personal data on the internet black market.”

As enterprises continue to grapple with the level of oversight needed as cloud and mobile technologies ramp up, the survey indicates that professionals feel that security incidents are looming. Over half of respondents admitted accessing company data they shouldn't have access to, and 51 percent believe that "it's only a matter of time" before a breach occurs.

“If companies are not carefully monitoring and managing access by insiders, they are likely exposing themselves to very real risk,” Gilbert said.
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

President signs Executive Order to improve payment security

President signs Executive Order to improve payment security

President Obama signed an Executive Order at the Consumer Financial Protection Bureau calling for enhanced security measures, including microchips and PINs.

Security, tech firm coalition fights Hikit actors, other advanced groups

Security, tech firm coalition fights Hikit actors, other ...

The coalition began as an effort to stop the spread of the Hikit trojan, previously known for targeting U.S. defense contractors.

Phishing email delivers keylogger malware, also takes screenshots

Phishing email delivers keylogger malware, also takes screenshots

The malware has various features, including the ability to start persistently, take screenshots and bypass user access controls.