One-third of employees willing to steal company data if the price is right

More than one third of employees would steal sensitive company information if they thought they could earn a decent price from the theft, says Infosecurity Europe.

Research by the security event organizer revealed that of those willing to steal sensitive data, 63 per cent would expect at least £1 million (Can$1.78 million) for their troubles, while 10 per cent want enough to pay off their mortgage.

Two per cent admitted all they would want in return for data theft was a slap up meal.

Infosecurity Europe also said that 68 per cent of staff believe it’s easy to steal sensitive company data and 88 per cent claimed the information they had access too was valuable.

“Criminals are very adept at finding the vulnerable workers who can be tempted into betraying their employers,” said Tamar Beck, group event director, Infosecurity Europe.

She said organizations should ensure they have trained their people to protect sensitive information.

They should also “have adequate technology and processes in place to enforce security policies that comply with current regulation and legislation,” Beck said.

The findings of an annual security survey conducted by KPMG – and published last month – are similar to the Infosecurity report.

In the KPMG survey, businesses polled said their employees would be more willing to steal data or sell insider knowledge due to the poor economy.

Sixty-six percent of respondents felt out-of-work IT workers would be tempted to join the criminal underground, driven in part by threats to bonuses, job losses and worthless stock options.

KPMG’s E-crime Survey 2009 was presented at the E-Crime Congress in London and polled 307 private companies, government organisations and law enforcement agencies.

Ponemon Institute reports their survey of 945 individuals who were laid off, fired or quit their jobs in the past 12 months shows that 59 per cent admitted to stealing company data and 67per cent used their former company’s confidential information to leverage a new job.

Mounting discontent over work conditions and the economy leads IT workers to strike back at firms that exploit them

KPMG said fraud committed by managers, employees and customers tripled compared to 2007, which indicates that the recession will likely only exacerbate those problems.

Employees often have ‘super access’ to sensitive company systems and know those systems’ weaknesses, it said.

This means companies need to have strict procedures in place for locking those individuals out once they no longer work at an organisation, the survey said.

The survey topped off a series of fairly gloomy presentations by security experts on the state of Internet security. Those experts are still seeing an exponential rise in the number of malicious software programs along with a diminished effectiveness of antivirus software.

Figures released by security vendor Symantec show that more than 2.4 million strains of malware exist, said Malcolm Marshall, a KPMG partner in IT governance.

The security community could soon “face a potential meltdown in the way we do e-business”, Marshall said. That’s due in part to IT professionals who aren’t patching systems, cybercriminals refining their skills and a lack of security knowledge on the part of consumers, he said.

“We know that end users are broadly not sophisticated,” Marshall said. “The reality is we are seeing more sophisticated attacks aimed at sophisticated people.”

In other survey results, 45 per cent of respondents handling critical national infrastructure said they are seeing an increase in the number of attacks on their systems.

Fifty-one percent of respondents from the same category said the technical sophistication of those attacks is getting better.

Sixty-eight percent said that of all kinds of malicious code they felt Trojan horse programs – ones that are designed to look harmless but can steal data along with other functions – had the most impact on their businesses.

Rootkits are the next highest concern, followed by spyware, worms, viruses, mobile malicious code and, finally, adware.