Although 36 per cent of IT professionals believe employees would access or steal confidential information, 38 per cent do not have, or know of, any systems in place to stop employees accessing unauthorised data. Surprisingly, 48 per cent regularly change passwords to stop ex-employees gaining access and the most commonly used deterrent is the threat of disciplinary action 64 per cent.
However, in a corresponding survey of 200 employees, 47 per cent admitted to having accessed or taken confidential information from the workplace, with 41 per cent using passwords and usernames to access data after they had left a company.
Notably, of those who had been caught, a quarter said nothing happened, while 67 per cent were spoken to, but no disciplinary action was taken. Even more worrying is that 79 per cent claimed their illegitimate actions had never been identified.
“While it is clear that the risk of rogue insiders is making its way up the corporate agenda, whats not clear is how organisations are dealing with nefarious employee activity,” said Ross Brewer, vice president and managing director for international markets at LogRhythm. In LogRhythms 2013 research, just 19 per cent believed employees would steal data, a number which has nearly doubled in the last year, indicating that businesses are slowly waking up to the realities.
“What is baffling is that, despite this, the majority of organisations are still not putting adequate systems in place. Indeed, it is not only staggering that such a large number of employees have never been caught accessing confidential data, but that those who have been have often got away with it scot free.
While more IT professionals cite the insider threat as a bigger security risk (31 per cent) than external threats (29 per cent), the general consensus seems to be that not enough importance is being placed on containing it, with 37 per cent feeling like their business could do more to safeguard information from employees. Considering that a third also have no idea whether or not they have suffered a breach before, it appears there is still a long way to go.