Almost half (45pc) of office employees would be willing to sell corporate information to people outside their organisation, according to a survey by a cyber-security company. Just £1,000 would be enough to tempt a quarter of employees to give away company information – and one in 20 (5pc) would give it away for free.
The ‘What is the Price of Loyalty’ report suggests 15pc of office workers said that for £1,000, they would pass on confidential market information about their company or customers’ businesses, details of their firm’s sales pipeline, sensitive information relating to their colleagues, and customer information. One in ten respondents would also sell intellectual property, such as product specifications, product code and patents, for £250 or less.
This is not just a hypothetical threat, says Malvern-based Deep Secure, among the exhibitors at the annual Infosecurity Europe show at London Olympia from June 4 to 6. A majority (59pc) of office workers admitted to having taken information off corporate networks. In some instances, this was for personal use, with the potential value to the individual’s career success a key driver: either because it would be of use in a new role or because they wanted to keep a record of their work (12pc each).
However, 47pc of those who had taken information from their corporate network admitted it was given to a third party (rising to 62pc among male respondents). Frequently the information was taken from a previous company and given to their new employer or employees (16pc and 19pc), but 17pc were approached by someone they didn’t know.
The findings also suggest that criminals are targeting younger employees: one in five (19pc) respondents in graduate-level roles admit that they were paid to source the information, with 29pc of 16-24-year-olds reporting they had been approached by someone they didn’t know to take it.
As for how this information is being taken, some individuals report using traditional techniques to take information from corporate networks, including printing, handwriting and taking a photo of the information (11pc, 9pc and 8pc respectively). However, digital techniques are more commonly used, with 11pc of respondents reporting having sent the information to the third party by email, directly uploaded it into their personal cloud storage, or given it to them on an external storage device.
Eight per cent also reported using cyber tools to hide and exfiltrate company information (such as steganography or encryption). This was not only prevalent in the IT & Telecoms industry (13pc of respondents), but the HR and finance industries also reported comparable use of cyber tools (15pc and 12pc respectively). The use of cyber tools to steal company information has been democratised by the availability of toolkits on the dark web, the cyber firm says. For example, steganography toolkits, which enable cybercriminals to encode information into an image or text, can be downloaded for free and guarantee an undetectable route for getting information out of the company network.
Dan Turner, CEO of Deep Secure, said: “The cost of employee loyalty is staggeringly low. With nearly half of all office workers admitting that they would sell their company and clients’ most sensitive and valuable information, the business risk is not only undisputable but immense in the age of GDPR and where customers no longer tolerate data breaches. And it appears to be growing, with the 2018 Verizon DBIR [Data Breach Investigations Report] showing that insiders were complicit in 28pc of breaches in 2017, up from 25pc in 2016. Given the prevalent use of digital and cyber tactics to exfiltrate this information, it’s critical that businesses invest in a security posture that will help them both detect and prevent company information from leaving the network.”