Most Employees Will Steal Company Secrets If They Are Fired

A survey of more than 1,000 UK residents indicates that insider threats mainly consist of normal, mainstream employees. Most strikingly, the survey found that 70% of respondents had clear plans to take something with them upon actually leaving their job.

The most popular data is intellectual property (27%) and customer records (17%). Moreover, about half of respondents claimed to have personal ownership of the data – 59% in the case that they were about to change jobs, and 53% if they knew they were about to be dismissed.

This survey refutes the conventional wisdom that insiders are corporate spies or revenge-seeking employees. It seems most employees have no deliberate intention to cause the company any damage. Rather, this survey indicates that most individuals leaving their jobs suddenly believe that they have rightful ownership of that data just by virtue of their corporate tenure.

Survey highlights include:

  • 70% of the respondents had clear plans to take something with them upon actually leaving. The most popular data is intellectual property (27%) and customer records (17%). Ironically, 66% of respondents would not deliberately take out their employer’s data upon rumours of dismissal.
  • 79% of the surveyed individuals responded that either their organization does not have, or is unaware of, any policy to remove collected data from employees’ laptops upon departure.
  • Most respondents (72%) have admitted to taking out corporate data. This data is evenly distributed between customer records, HR records and marketing material.
  • More than half of the respondents claimed to have personal ownership of the data – 59% in the case that they were about to change jobs, and 53% if they knew they were about to be dismissed.

Others considered it helpful in their next role (35% when moving to a new workplace, 17% when they knew they were being terminated). The vast majority (85%) carry corporate data on their home computers or mobile devices. This data mostly consists of customer records (75%) and intellectual property (27%).

The survey shows that employees tend to extract information which is beyond their need to know and enterprises have practically no controls in place to prevent excessive privilege access:

  • 54% of the respondents have accessed data outside their explicit role permissions. Customer records accounted for 50% of individuals’ interest, while 54% accessed files outside of their normal business privilege.
  • 73% of survey takers replied that existing access control mechanisms around this data are very easy to bypass.

Amichai Shulman is Co-Founder and CTO of Imperva, where he heads Imperva's internationally recognised research organisation focused on security and compliance. Prior to Imperva, Amichai was founder and CTO of Edvice Security Services, a consulting group that provided application and database security services to major financial institutions, including Web and database penetration testing and security strategy, design and implementation. Amichai served in the Israel Defense Forces, where he led a team that identified new computer attack and defense techniques. He has B.Sc and Masters Degrees in Computer Science from the Technion, Israel Institute of Technology.

  • Data breaches have a real cost to organisations

    Today’s research from Imperva underlines the growing problems facing organisations of all sizes in the UK as they try to contain data security.

    With 70% of the respondents stating their intentions to take something with them upon leaving an employer, and more than a quarter indicating that they would take intellectual property and/or customer records, the threat of sensitive data leaking from organisations is real and quantifiable.

    To address these risks, it is important that companies adhere to the principle of least privilege, which states that users should have as few privileges as possible, consistent with their business function – thus minimising risk of sensitive data getting into inappropriate hands. Additionally, companies should monitor user activity in addition to rights. Knowing which employees represent more risk due to their access privileges should prompt organisations to monitor their activity as well in order to identify suspicious activity. Over-provisioned users, who have more access rights than they require, represent a greater risk, as can be seen by these results, particularly if they have unnecessary access to sensitive applications or data, and a risk profile that combines activity with access gives a better understanding of the potential for data loss.

    Unfortunately, as the report shows, too many companies still do not have enforceable policies, let alone the technology in place to monitor access and user activity, to deal with data loss or theft.