Stealing Data
So a survey showed that 88% of IT staff would steal sensitive corporate information if they were laid off. I’m quite sure that a lot more people actually walk out the door with sensitive information. OK, so it may not be the CEO’s password, but sensitive information nonetheless. Companies don’t know where their information is at the best of times, let alone whether someone has taken a copy on a CD-ROM or memory stick - or in some cases just had it mailed out to a personal email account. Customer lists, pricing details and business plans are all good targets to be stolen from the inside. As with most data loss, it also happens inadvertently: executives are often allowed to walk out with their laptops, but what about the data? Oops, there goes another disaster waiting to happen…
Of course, walking out with information is one thing; using it maliciously is completely different. I wonder: if the survey had asked whether those 88% of IT staff who would walk out with sensitive information would actually use it, or sell it, what would the response be? It might not be zero, but I very much doubt it would be more than a few percent. On the other hand, we do know that the ‘malicious insider’ is a real threat - they do steal information with a view to using it. The thing about being an ‘insider’ is that (a) you have access to the systems, so there is no need to break in, and (b) you know where the valuable data is. This is why we are seeing an increase in criminal placements… companies need to wake up to the fact that this is happening and start putting policies and technologies in place to prevent it. It will save embarrassment (or even large fines) later… Forewarned is forearmed.
One Response to “Stealing Data”

Of course it is not just IT staff who act in this way, though they do represent a special issue in that they may have very wide access, or specialist access below the waterline. However, any member of staff with access to sensitive information as part of their job has an opportunity to remove information when they leave. In times of a credit crunch staff may feel insecure (whether or not this is well founded) and some may opt to remove commercially sensitive information - they differ from the IT staff in that they often have a much more specific knowledge of what key information might be of value to a future employer, or to release to a competitor out of revenge. They also, of course, take their own knowledge with them.