One in Four Workers Would Steal Company Information

Uploaded on 2019-08-30 in TECHNOLOGY--Resilience, FREE TO VIEW

Nearly five hundred IT employees said they would take company information to help apply for a position at a competitor, according to a workplace behaviour audit carried out by the security experts at Gurcul
 
The study also found that thirty-four percent of managed service providers and thirty percent of developers are a main source of third party risk. Also if someone was to commit fraud thirty-two percent said it would most likely occur in the finance department.
 
“What these findings show is that insider fraud is a top concern among IT security professionals, as are the security risks associated with third parties that have privileged access to corporate resources,” said Craig Cooper, COO from Gurucul who did the research. 
 
“Since detecting insider threats by employees and trusted third parties is the ultimate game of cat and mouse, many leading edge security organisations are using machine learning to compare the behavior of all users against established baselines of ‘normal’ activity. This allows them to identify anomalous events and spot outliers so they can remediate threats early on.”
 
Key Findings
At the 2019 Blackhat USA Conference, Gurucul conducted a workplace behavior survey to better understand the risky behaviors that pose a security risk to organisations. 476 IT security professionals from around the world completed the questionnaire, of which, more than half work in organisations with at least 2,500 employees. 
 
Some of the reports highlights include:
• Nearly one in four people (24%) would take company information to help apply for a role at a competitor
• Nearly one third (32%) of IT security pros think that finance is the department most at risk for fraud
• Almost three fourths (74%) of respondents tightened up third-party access because of third-party breaches
• The third parties that most concern respondents are MSPs, followed by developers
• 44% of respondents spend at least one hour a day on non-work related web sites (including 32% of those in retail)
• The larger the organisation, the more likely it is that workers will surf the web for fun while at work
• Browsing social media sites is the most popular non-work related online activity
 
Gurucul:              Go1 Survey
 
You Might Also Read:
 
Its Your People Who Contribute To Data Theft:
 
 
« Webinar: JumpStart Guide to Application Security in AWS
US Cyber Attack Disabled Iran’s Ability To Target Shipping »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ISTQB

ISTQB

ISTQB has defined the "ISTQB Certified Tester" scheme that has become the world-wide leader in the certification of competences in software testing.

Systancia

Systancia

Systancia offer solutions for the virtualization of applications and VDI, external access security, Privileged Access Management (PAM), Single Sign-On (SSO) and Identity and Access Management (IAM).

IT2Trust

IT2Trust

IT2Trust is one of Scandinavia’s leading value-added distributors of business-critical IT solutions within IT security and networking.

BTWorks

BTWorks

BTWorks provides identity management and anti-phishing / smishing solutions for web and mobile apps.

Haltdos

Haltdos

Haltdos is an AI driven website protection service that secures websites against today's cyber threats.

Certis

Certis

Certis is a leading advanced integrated security organisation that develops and delivers multi-disciplinary security and integrated services.

Information Technology Industry Development Agency (ITIDA)

Information Technology Industry Development Agency (ITIDA)

ITIDA has two broad goals: building the capacities of Egypt’s local information and communications technology (ICT) industry and attracting foreign direct investments to boost the ICT sector.

Office of the Government Chief Information Officer (OGCIO) - Hong Kong

Office of the Government Chief Information Officer (OGCIO) - Hong Kong

OGCIO supports the development of community-wide information technology infrastructure and setting of technical and professional standards to strengthen Hong Kong’s position as a world digital city.

TruNarrative

TruNarrative

TruNarrative provides a unified solution for Identity Verification, Fraud Detection, eKYC, Risk Assessment, AML Compliance and Account Monitoring.

DANAK

DANAK

DANAK is the national accreditation body for Denmark. The directory of members provides details of organisations offering certification services for ISO 27001.

Project Moore

Project Moore

Project Moore is an Amsterdam law firm specialising in IT-law and privacy.

Analog Devices Inc (ADI)

Analog Devices Inc (ADI)

Analog Devices is uniquely positioned to deliver security at the edge, where the data is born, because our sensor solutions convert the physical, analog world into the digital world.

Wisetek

Wisetek

Wisetek is a global provider of end-to-end IT Asset Disposition (ITAD), reuse and secure data destruction management services to the world’s leading IT Corporations, data centres and manufacturers.

Silent Quadrant

Silent Quadrant

Silent Quadrant delivers incomparable cybersecurity consulting, digital transformation, and risk management within our purpose-driven clients - empowering them to be the most resilient entities.

KATIM

KATIM

KATIM is a leader in the development of innovative secure communication products and solutions for governments and businesses.

Virtual Infosec Africa (VIA)

Virtual Infosec Africa (VIA)

Virtual InfoSec Africa (VIA) is a wholly-owned Ghanaian company specializing in information security and cybersecurity solutions and services.

GitLab

GitLab

GitLab is a complete DevOps platform, delivered as a single application, fundamentally changing the way Development, Security, and Ops teams collaborate and build software.