One in Four Workers Would Steal Company Information

Uploaded on 2019-08-30 in TECHNOLOGY--Resilience, FREE TO VIEW

Nearly five hundred IT employees said they would take company information to help apply for a position at a competitor, according to a workplace behaviour audit carried out by the security experts at Gurcul
 
The study also found that thirty-four percent of managed service providers and thirty percent of developers are a main source of third party risk. Also if someone was to commit fraud thirty-two percent said it would most likely occur in the finance department.
 
“What these findings show is that insider fraud is a top concern among IT security professionals, as are the security risks associated with third parties that have privileged access to corporate resources,” said Craig Cooper, COO from Gurucul who did the research. 
 
“Since detecting insider threats by employees and trusted third parties is the ultimate game of cat and mouse, many leading edge security organisations are using machine learning to compare the behavior of all users against established baselines of ‘normal’ activity. This allows them to identify anomalous events and spot outliers so they can remediate threats early on.”
 
Key Findings
At the 2019 Blackhat USA Conference, Gurucul conducted a workplace behavior survey to better understand the risky behaviors that pose a security risk to organisations. 476 IT security professionals from around the world completed the questionnaire, of which, more than half work in organisations with at least 2,500 employees. 
 
Some of the reports highlights include:
• Nearly one in four people (24%) would take company information to help apply for a role at a competitor
• Nearly one third (32%) of IT security pros think that finance is the department most at risk for fraud
• Almost three fourths (74%) of respondents tightened up third-party access because of third-party breaches
• The third parties that most concern respondents are MSPs, followed by developers
• 44% of respondents spend at least one hour a day on non-work related web sites (including 32% of those in retail)
• The larger the organisation, the more likely it is that workers will surf the web for fun while at work
• Browsing social media sites is the most popular non-work related online activity
 
Gurucul:              Go1 Survey
 
You Might Also Read:
 
Its Your People Who Contribute To Data Theft:
 
 
« Webinar: JumpStart Guide to Application Security in AWS
US Cyber Attack Disabled Iran’s Ability To Target Shipping »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Lima Networks

Lima Networks

LIMA design and deliver IT Infrastructure solutions and services including managed Security Monitoring services.

Cyber Akademie (CAk)

Cyber Akademie (CAk)

Cyber Akademie is a training and education center providing high-quality training and information events on information security and data protection.

BCS Financial

BCS Financial

BCS Financial delivers financial and insurance solutions. Specialty risk products include Cyber and Privacy Liability insurance.

DataSunrise

DataSunrise

DataSunrise Data-Centric high-performance security software protects the sensitive data in real-time in cloud or on premises, and helps organizations to stay compliant.

Cyber Discovery

Cyber Discovery

Cyber Discovery, the UK Government's Cyber Schools Programme, is a learning programme designed to give young people the opportunity to learn the skills needed to enter the cyber security profession.

VietSunshine

VietSunshine

VietSunshine is a leading provider of network security infrastructure and solutions in Vietnam.

Yelbridges

Yelbridges

Yelbridges is your reliable partner in all fields of IT-Security, from developing of Security Policies and Guidelines to the design and implementation of secure processes.

Haventec

Haventec

Haventec’s internationally patented technologies reduce cyber risk and enable pervasive trust services with a decentralised approach to authentication.

Department of Justice & Equality - Cybercrime Division

Department of Justice & Equality - Cybercrime Division

The Cybercrime division is responsible for developing policy in relation to the criminal activity and coordinating a range of different cyber initiatives at national and international level.

DivvyCloud

DivvyCloud

DivvyCloud protects your cloud and container environments from misconfigurations, policy violations, threats, and IAM challenges.

CyberSwarm

CyberSwarm

CyberSwarm is developing a neuromorphic System-on-a-Chip dedicated to cybersecurity which helps organizations secure communication between connected devices and protect critical business assets.

Intersistemi Italia

Intersistemi Italia

Intersistemi is a leading Italian company in the field of information technology integration and digital transformation including cybersecurity.

IronClad Encryption (ICE)

IronClad Encryption (ICE)

Ironclad Encryption is Dynamic Encryption. The encryption sequence changes continuously so there is never a correlation between data sent and data received.

AirDroid Business

AirDroid Business

AirDroid Business is an efficient mobile device management solution for Android devices, helping businesses to remotely control and access devices in large quantities using a centralized approach.

Schellman

Schellman

Schellman is a leading provider of attestation and compliance services.

National Cyber Security Agency (NCSA) - Thailand

National Cyber Security Agency (NCSA) - Thailand

National Cyber Security Agency of Thailand is responsible for coordinating and implementing national cybersecurity policies, strategies, and initiatives.