Employers in denial about insider threat to data security

Although insider threats to data security remain a serious problem, the word apparently hasn't made it up the corporate food chain in the UK.

Survey results released recently by the UK office of network security provider LogRhythm, headquartered in Boulder, Colo., found that nearly half (44 percent) of the 1,000 employers polled said they trusted their employees not to access confidential documents or steal data from them.

More than a third of the sampling (37 percent) conceded that their workers might engage in those practices but would "like to think not."

Those employers may be a little naive about their workforces.

A study released earlier this year by Symantec and the Ponemon Institute of 3,500 workers worldwide revealed that half of them regularly emailed business documents to their personal accounts, a third confessed to moving work documents to unapproved file sharing apps and 40 percent stashed work files on their mobile devices.

"The big issue with that is that the majority of the people don't delete any of the data that they move," Robert Hamilton, director of product marketing at Symantec, told CSO. "It's a pretty significant problem."

He said employees need more education about data ownership. "It's not that people are bad and they're out to rip off their employers," Hamilton said. "They think they have an ownership stake in this information, and they're inclined to take it in the absence of somebody telling them not to."

The great trust that the employers place in their workers may explain why nearly a third of them surveyed by LogRhythm (31 percent) said they don't need to deploy any systems to stop employees from accessing confidential information or removing it from their companies.


Another 16 percent of the firms surveyed confessed they didn't have data access security systems in place because they hadn't gotten around to it, and another 28 percent had them in place but said they weren't effective or weren't enforced.

Most organizations have access control systems in place, but those systems are becoming increasingly ineffective in protecting data, said LogRhythm founder and CTO Chris Petersen.

Five years ago, most of a company's data was going to be on a file server, locked down with permissions and rights management, he explained. "Today, you're looking at environments where your data is everywhere," he said in an interview. "It's mobile and those access control models have started to break down."

"An organization can have the tools to control access," Petersen said. "But they're useless because their data is out of control."

Protecting data from access by former employees didn't seem to be a priority of the firms either. A third of the respondents in the LogRhythm survey (33 percent) declared they didn't regularly change passwords to prevent ex-employees from accessing company websites or documents, and another 28 percent confessed they didn't adopt the practice, although they knew they should.

"Employees pose the greatest risk to a company's data," said Michael DuBose, who leads the cyber investigations practice at Kroll Advisory Solutions, and the former head of the cyber crimes division in the U.S. Department of Justice.

"There's been a lot of recent attention to Chinese hackers and state-sponsored cyber theft," said DuBose. "All of that is important. It's significant."

"But, I think it's important that companies not lose sight of the fact that, notwithstanding that threat, the vast majority of cases involving stolen trade secrets or proprietary data still originate with company insiders," he said.
