The global economic crisis has generated increasing levels of danger to data security, at a time when stronger compliance requirements places extra pressure on IT budgets. Does data security pose a threat to your organisation?
Three recent surveys suggest that it does. In a UK survey by Cyber-Ark, one in three workers admitted they would steal data to help a friend get a job while 13 per cent would take access and password codes if they were fired. And in the survey, the global recession and its effect on work ethics, 48 per cent of respondents said they would take company information with them if they were fired tomorrow.
Of the respondents, 39 per cent would download company/competitive information if they found that their job was at risk, and a quarter said that the recession has meant that they feel less loyal towards their employer. Also, 13 per cent would take access and password codes to allow access to the network once they've left the company, and continue downloading information and accessing whatever they want or need.
The most desired information was customer and contact details for 29 per cent of respondents, then 18 per cent said that they would steal plans and proposals. Eleven per cent would take product information.
International accounting firm Ernst & Young agree that data security is something business should take very seriously. In their annual Global Information Security study, they stated that former employees pose a rising threat to data security, and as more companies are forced to cut staff, they risk information theft and destruction at the hands of former workers. Reprisals from recently departed employees and a lack of adequate security budgets and resources are becoming major concerns for senior IT professionals. Canvassing nearly 1,900 senior executives in more than 60 countries, 75% of respondents to EY’s study said they are concerned with the possible reprisal from employees who have left their organizations.
"With the economy still in recession, employees who are made redundant may feel resentful towards their previous employer in a number of ways that may affect the smooth operation of an organisation," said Ernst & Young IT risk advisory partner Richard Brown.
"Increasingly, the employer's IT system has become a common target and data theft is also prevalent."
The increasing danger to data security was reinforced in a June 2009 survey by Ponemon Institute, independent US researchers and think-tank on data protection and information security. The survey found that employees are ignoring data security policies and engaging in activities that could put a company at risk. A majority of respondents to this survey admitted to serious non-compliant workplace behaviours - eg insecure use of web-based email, social media, and mobile devices.
Tight budgets resulting from the economic crisis mean that IT managers must provide tighter security with less money, and adding to this pressure are stronger regulatory compliance requirements.
Ron Koch, Executive Director with Ernst & Young LLP's Information Technology Risk and Assurance Services practice, says, "Becoming compliant is changing organizations' security procedures and policies for the better. However, companies must now shift their focus from 'point in time' security activities, to incorporating information security into a comprehensive, enterprise-wide governance, risk and compliance program. Managing and automating these efforts on a cost-effective basis can help drive overall business performance improvement."