Almost 60 percent of employees stole company data upon leaving their jobs last year. As the economy worsens and more people are laid off, more insider theft is expected to occur.
With job losses continuing to climb, securities experts predict that insider attacks from laid-off employees or those thinking they'll be cut will increase.
"With 1.5 million predicted job losses in the U.S. alone, there's an increased risk and exposure to these attacks," Doug Leland, Microsoft's Identity and Security unit's general manager, tells BBC News
Security software maker Systematec agrees, saying that the financial downturn would lead to an increase in malicious insider breaches. "In most cases people are motivated by revenge, fear or greed," according to Kevin Rowney, founder of Systematec's Data Loss Prevention unit. BBC News points to a Verizon study
conducted last year that determined insider breaches accounted for 18 percent of attacks.
"While insider attacks are lower in number," Rowney explains, "they could be more devastating because the employee knew where 'the crown jewels' were kept unlike a hacker who had to go on something of a 'fishing expedition' to find a company's valuable assets."
Another sobering survey, from Cyber-Ark
last fall, indicates that 88 percent of information technology (IT) system administrators would steal sensitive company data if fired. A newly released report by the Ponemon Institute
cites similar results: 59 percent of 945 adults who were laid-off, fired or changed jobs in the U.S. over the last 12 months admitted to stealing company data, according to the survey (via Network World
The respondents had access to propriety information such as customer data, contact lists, employee records, financial reports, confidential documents, software tools and other intellectual property, BBC News
reports of the findings. Network World adds that the respondents worked in sales (24 percent), corporate IT (20 percent), financial and accounting (10 percent), and marketing and communications (8 percent). The remainder were spread across multiple fields.
Common scenarios involve employees stealing information to sell to a third party or using the company database to set up shop for themselves, Rowney tells BBC News
. The Ponemon research has found that 67 percent used their former company's confidential information to leverage a new job.
According to the survey, the more popular files to take were e-mail-related information and hard copies. PDF files, database files or source codes were less popular, Network World says. Theft was done by simply walking out with the hard copies, by transferring data onto a CD, DVD, USB memory stick or by sending documents out as e-mail attachments.
Employees are able to get away with sensitive information because companies are lax about security. "They believe this is just something they have to live with," Ponemon's Mike Spinney tells BBC News
. "Our sense is that a lot of companies have really just given up, but this study shows these are preventable events."
The Ponemon Institute reports that only 15 percent of respondents had reviewed or audited the paper documents or electronic files employees were walking out with. Of those companies that did conduct reviews, 45 percent were not being completed and 29 percent were fairly superficial.
Twenty-four percent of former employees responding to the survey say they still had access to their former employer's computer systems after they left, with more than 50 percent saying they had access anywhere from one day to a week and 20 percent saying they had more than a week, Network World
notes of the report's findings.
To slow the wave of data breaches, Microsoft suggests companies encrypt data and rescind employees' access to data more quickly upon their departure, BBC News
Malicious Insider Attacks to Rise
by Maggie Shiels
BBC News, Feb. 11, 2009
Workers 'Stealing Company Data'
by Maggie Shiels
BBC News, Feb. 23, 2009
More Than Half of Booted Workers Steal Data on Way Out, Survey Finds
by Ellen Messmer
Network World, Feb. 23, 2009
Verizon Business Releases...Data-Breach Study Spanning 500 Forensic Investigations
Verizon Business, June 11, 2008
Security Survey Reveals Exiting Employees Have The Power
Cyber-Ark Software, Aug. 27, 2008
The BOFH Lives: 88% of IT Workers Would Steal Data If Fired
by Ryan Paul
Ars Technica, Sept. 2, 2008