Strategic CIO // Executive Insights & Innovation
Commentary
12/9/2008
02:10 PM
Bob Evans
Bob Evans
Commentary
Connect Directly
RSS
E-Mail
50%
50%

Fearing Layoffs, Most Workers Willing To Steal Data

Most workers frightened by the prospect of layoffs are considering stealing corporate data to use in negotiating for a new job, our excellent sister site Dark Reading reports. They're angry, scared, desperate, and unsophisticated -- but you, the CIO, are cool, calm, and confident because you're prepared for such an onslaught. Right? Well -- you are prepared, aren't you?

Most workers frightened by the prospect of layoffs are considering stealing corporate data to use in negotiating for a new job, our excellent sister site Dark Reading reports. They're angry, scared, desperate, and unsophisticated -- but you, the CIO, are cool, calm, and confident because you're prepared for such an onslaught. Right? Well -- you are prepared, aren't you?The numbers from a range of surveys are scary: 56% of workers in one study are afraid of losing their jobs, and in two other studies 71% of workers said they have either already stolen customer data or are fully prepared to do so, according to "Insiders Pose New Threats In Down Economy," by Dark Reading editor Tim Wilson.

The frightening outlook extends beyond speculation about possible future behavior to hard facts about a surge in unauthorized actions by employees, according to the Dark Reading story:

"...IBM's ISS X-Force research team [reported last week] that it has detected a 30% increase in network and Web-based security events in the past 120 days, with the total number rising from 1.8 billion per day to more than 2.5 billion worldwide. The researchers attribute a significant portion of the uptick to insider activity motivated by economic fear.

"Unlike a 'quick firing,' tens of thousands of employees are readying themselves for the eventuality of losing their jobs -- and no doubt a high percentage of them [will be] 'disgruntled,'" said IBM security expert Gunter Ollmann in a blog earlier this year. "In today's computer-based work environment, with a little planning and forethought, a disgruntled employee can do a lot of damage with little fear of being caught and prosecuted."

If there's any good news in this unprecedented scenario, Wilson wrote, it is the relatively unsophisticated approach being taken by many employees concerned about losing their jobs and willing to steal from their current employers to improve their chances of finding new employment. Kevin Rowney, founder of the data loss prevention (DLP) unit at Symantec, formerly known as Vontu, gave this analysis to Dark Reading:

"Every day we're stopping more and more of these sorts of events -- many more than we saw before the downturn. It's a sad fact that rates of employee fraud rise in a down economy." Most of the economically motivated insider attacks are not particularly sophisticated or even well-thought-out, Rowney says. "In general, these are crimes of passion committed by employees who are angry or scared," he explains.

"These are not people who are sophisticated in IT, developing super-sneaky ways of stealing or sabotaging data without being detected. They're people who are under pressure, or who are mad and seeking vengeance, and they make a large cluster of bad decisions. In most cases, these are fairly obvious activities that can easily be detected if you have the right tools in place."

So we have met the enemy and it is us -- as CIO, are you fully prepared for this unprecedented level of inside attacks? If the CEO comes in and asks for your level of confidence, expressed as a percentage, to stop insider cyberthreats, what number would you offer: 75%? 80%? 90%?

If your answer isn't at least 90%, you need to read this Dark Reading piece immediately and then assign a team to follow some of the steps it outlines. Because here's one more thing the article points out, courtesy of RSA director of product marketing Katie Curtin-Mestre:

"We've seen clients that think they have only one instance of a database, and then through the discovery process, they find that there are 18 unauthorized copies of the data spread around the enterprise. These companies are in no position to leverage policies and controls because they don't know where the data is."

Comment  | 
Print  | 
More Insights
The Business of Going Digital
The Business of Going Digital
Digital business isn't about changing code; it's about changing what legacy sales, distribution, customer service, and product groups do in the new digital age. It's about bringing big data analytics, mobile, social, marketing automation, cloud computing, and the app economy together to launch new products and services. We're seeing new titles in this digital revolution, new responsibilities, new business models, and major shifts in technology spending.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest September 18, 2014
Enterprise social network success starts and ends with integration. Here's how to finally make collaboration click.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.