Interviews

What office workers would do with info

by Mark Rowe

What would employees be most likely to do if they were able to anonymously access sensitive company data including salaries, vacation time and sensitive human resources information? So an IT firm asked in a survey. The findings show the importance of controlling access to privileged credentials that can provide insiders and external cyber attackers with broad, unfettered access to a company’s most valuable assets, according to CyberArk.

The research among 1000 UK office workers in companies of 250-plus employees found the most coveted information would be other colleagues’ salaries (26pc), conversations about themselves (22pc) and sensitive HR information (20pc). If employees could change any information on their company systems without being caught, three in ten (31pc) would treat themselves to a pay rise and near one in five (19pc) would reward themselves with extra holiday days.

Matt Middleton-Leal, regional VP for the UK, Ireland and Northern Europe, CyberArk, said: “Security teams have long known that one of the most effective ways for attackers to access sensitive data is to masquerade as a legitimate insider – using existing privileged credentials to roam around a network and conduct reconnaissance virtually undetected. While this survey highlights the potential mischief that employees can get up to without proper access controls, it’s also an important reminder that insiders – or cyber attackers posing as insiders – pose one of the greatest security threats to organisations today.”

Most employees surveyed were happy in their job. However, very unhappy employees are twice more likely to want to spy on company information than very happy employees (61pc compared to 29pc). After making sure they were being fairly rewarded (33pc) and searching for office gossip (27pc), disgruntled employees would want to expose unethical or corrupt business (20pc) and show up dishonest or lazy people (18pc).

The main reason people don’t break into company computers is a belief that it wouldn’t be morally right (40pc). However, just over a quarter of people (27pc) said the repercussions of being caught is a turn-off, and one in five (21pc) cited their lack of technical skills. This suggests that many employees would be tempted to access or manipulate company information if they knew they could get away with it.

More than half (51pc) of all respondents said they would be prepared to go one step further and break into other companies’ systems or online accounts – but only if they knew they wouldn’t get caught. The most popular responses thought of personal perks, such as getting free holidays (23pc), adding funds to bank accounts (23pc), receiving free online shopping (20pc) and writing off loans (14pc). Others had more political motives, such as stopping immoral companies from operating (14pc), seeing secret government intelligence (11pc) or changing the law (5pc).

Middleton-Leal added: “Cyber criminals are getting more aggressive with their attacks, which are escalating more quickly than ever before – as with the WannaCry ransomware attacks. With cyber skills advancing all the time and attackers hiding behind valid credentials to avoid being noticed and caught, companies have to be more alert than ever to monitor and stop unwanted insiders in their tracks and protect their most valuable information.”

Visit www.cyberark.com.

Related News

  • Interviews

    Scots date

    by Mark Rowe

    Business leaders from across Scotland were given an exclusive insight this week into the security challenges they face at a new event…

  • Interviews

    CyberScotland Week

    by Mark Rowe

    Next week is CyberScotland Week. That was all the excuse we needed to speak to two men in cyber, to ask about…

  • Interviews

    UK cyber resilient call

    by Mark Rowe

    With cyber threats constantly evolving, the best defence is seen as developing innovative solutions that can work independently and protect against threats…

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing