Most workers frightened by the prospect of layoffs are considering stealing corporate data to use in negotiating for a new job, our excellent sister site <a href="http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=212201861">Dark Reading</a> reports. They're angry, scared, desperate, and unsophisticated -- but you, the CIO, are cool, calm, and confident because you're prepared for such an onslaught. Right? Well -- you <b>are</b> prepared, aren't you?

Bob Evans, Contributor

December 9, 2008

3 Min Read

Most workers frightened by the prospect of layoffs are considering stealing corporate data to use in negotiating for a new job, our excellent sister site Dark Reading reports. They're angry, scared, desperate, and unsophisticated -- but you, the CIO, are cool, calm, and confident because you're prepared for such an onslaught. Right? Well -- you are prepared, aren't you?The numbers from a range of surveys are scary: 56% of workers in one study are afraid of losing their jobs, and in two other studies 71% of workers said they have either already stolen customer data or are fully prepared to do so, according to "Insiders Pose New Threats In Down Economy," by Dark Reading editor Tim Wilson.

The frightening outlook extends beyond speculation about possible future behavior to hard facts about a surge in unauthorized actions by employees, according to the Dark Reading story:

"...IBM's ISS X-Force research team [reported last week] that it has detected a 30% increase in network and Web-based security events in the past 120 days, with the total number rising from 1.8 billion per day to more than 2.5 billion worldwide. The researchers attribute a significant portion of the uptick to insider activity motivated by economic fear.

"Unlike a 'quick firing,' tens of thousands of employees are readying themselves for the eventuality of losing their jobs -- and no doubt a high percentage of them [will be] 'disgruntled,'" said IBM security expert Gunter Ollmann in a blog earlier this year. "In today's computer-based work environment, with a little planning and forethought, a disgruntled employee can do a lot of damage with little fear of being caught and prosecuted."

If there's any good news in this unprecedented scenario, Wilson wrote, it is the relatively unsophisticated approach being taken by many employees concerned about losing their jobs and willing to steal from their current employers to improve their chances of finding new employment. Kevin Rowney, founder of the data loss prevention (DLP) unit at Symantec, formerly known as Vontu, gave this analysis to Dark Reading:

"Every day we're stopping more and more of these sorts of events -- many more than we saw before the downturn. It's a sad fact that rates of employee fraud rise in a down economy." Most of the economically motivated insider attacks are not particularly sophisticated or even well-thought-out, Rowney says. "In general, these are crimes of passion committed by employees who are angry or scared," he explains.

"These are not people who are sophisticated in IT, developing super-sneaky ways of stealing or sabotaging data without being detected. They're people who are under pressure, or who are mad and seeking vengeance, and they make a large cluster of bad decisions. In most cases, these are fairly obvious activities that can easily be detected if you have the right tools in place."

So we have met the enemy and it is us -- as CIO, are you fully prepared for this unprecedented level of inside attacks? If the CEO comes in and asks for your level of confidence, expressed as a percentage, to stop insider cyberthreats, what number would you offer: 75%? 80%? 90%?

If your answer isn't at least 90%, you need to read this Dark Reading piece immediately and then assign a team to follow some of the steps it outlines. Because here's one more thing the article points out, courtesy of RSA director of product marketing Katie Curtin-Mestre:

"We've seen clients that think they have only one instance of a database, and then through the discovery process, they find that there are 18 unauthorized copies of the data spread around the enterprise. These companies are in no position to leverage policies and controls because they don't know where the data is."

About the Author(s)

Bob Evans

Bob Evans

Contributor

Bob Evans is senior VP, communications, for Oracle Corp. He is a former InformationWeek editor.

See more from Bob Evans
Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.
SIGN-UP

You May Also Like

More Insights
Webinars
More Webinars
Reports
More Reports

Editor's Choice

NHL's Calgary Flames at New Jersey Devils on February 8, 2024 in Newark, NJ
IT Infrastructure
NHL, Presidio, and a Transformation Power Move with Hybrid CloudNHL, Presidio, and a Transformation Power Move with Hybrid Cloud
byJoao-Pierre S. Ruth
Apr 5, 2024
6 Min Read
Online Privacy Security Threat Abstract Background Art
Cyber Resilience
Cyber Risks When Job Hunters Become the HuntedCyber Risks When Job Hunters Become the Hunted
byCarrie Pallardy
Apr 9, 2024
9 Min Read
Business innovative solution and creative concept as a paper boat tied to a light bulb
IT Leadership
9 Ways to Ensure Continuous Innovation9 Ways to Ensure Continuous Innovation
byLisa Morgan
Apr 2, 2024
9 Slides
Hand charging an electric car, leaves and butterflies emerge from the cars exhaust, idea of sustainable transportation. Green energy, eco friendly
Sustainability
Sustainable Transportation Takes OffSustainable Transportation Takes Off
bySamuel Greengard
Mar 26, 2024
5 Min Read
Robotic hand takes a slice out of a coin, representing money
Machine Learning & AI
Special Report: What's Next for the GenAI Market in 2024?Special Report: What's Next for the GenAI Market in 2024
bySara Peters
Mar 12, 2024
3 Min Read
Webinars
More Webinars
White Papers
More White Papers
Live Events
More Live Events
Reports
More Reports
May 2, 2024
While there are plentiful options in cyber resiliency and business continuity tools and platforms, there isn’t one that can knock out everything from sudden cloud outages to prolonged ransomware attacks in a single punch. What can you do to keep the company on its feet no matter what is thrown at it? Find out in this new virtual event.
Reserve Your Seat Now