Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Identity & Access

IT Workers Believe Employees Would Sell Company Data if Price is Right: Survey

Insider Threat Fears Exacerbated by Identity Management Challenges

A new survey of IT decision makers found that nearly half believe their employees would sell company data for the right price.

Insider Threat Fears Exacerbated by Identity Management Challenges

A new survey of IT decision makers found that nearly half believe their employees would sell company data for the right price.

The 2013 Market Pulse Survey was conducted by research firm Loudhouse and fielded answers from 400 IT executives in the United States and U.K. Among those decision makers, 45 percent believe that employees within their organization would be prepared to sell company data.

The core of the problem however is not just suspicious employers and employees. According to the study, it is an overall failure to fully manage identity and access. Fifty-two percent admit their employees have read or seen company documents they should not have had access to, and more than 50 percent of the respondents have experienced situations where terminated employees tried to access company data or applications after they left the organization.

Insider Threats

“Many organizations are struggling to manage ‘who has access to what?’ across the enterprise,” said Jackie Gilbert, CMO and founder of SailPoint, which commissioned the study, in a statement. “And as our survey indicates, the growing adoption of cloud and mobile technologies is making the problem significantly worse. It’s pretty clear that if you’re not proactively managing cloud and mobile access today, you’re at increased risk of fraud, data theft, and security breaches.”

Eighty-four percent of enterprises use cloud-based applications to support major business processes, and 82 percent allow employees to use their personal devices to access corporate data or applications. However, while cloud applications are part of their IT environments, 41 percent of respondents admitted they are unable to manage them as part of their identity and access management strategy. In addition, just 41 percent said they have a process in place to automatically remove mission-critical data from mobile devices.

In more bad news, 46 percent said they are not confident in their ability to grant or revoke employee access across their entire IT infrastructure.

“There’s no denying it, cloud and mobile technologies are becoming mainstream,” Gilbert added. “But, as our survey indicates, enterprises are still ‘catching up’ to the required levels of oversight and control they need.”

Advertisement. Scroll to continue reading.

The survey can be read here.

*Headline adjusted to better reflect content in report

Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

CISO Strategy

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.

Compliance

Government agencies in the United States have made progress in the implementation of the DMARC standard in response to a Department of Homeland Security...

Email Security

Many Fortune 500, FTSE 100 and ASX 100 companies have failed to properly implement the DMARC standard, exposing their customers and partners to phishing...

Funding/M&A

The private equity firm merges the newly acquired ForgeRock with Ping Identity, combining two of the biggest names in enterprise IAM market.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...