This is the basic result of two surveys – one for employers and the other for staff – undertaken by LogRhythm. What it shows is a disturbing gap between what employers believe, and what staff do. For example, while only 19% of employers believe that employees would access confidential documents or take data, 21% of staff already have – and one in ten do so regularly.
For the most part, staff tend to spy on other staff pay and bonus schemes; and while this is basically dishonest and can cause friction at the human level, it is not in itself a major security issue. It becomes potentially dangerous, however, when staff who are already accustomed to accessing confidential files leave the company.
Asked if they change passwords to stop ex-employees being able to access sites or documents, more than 60% of employers said no. But 10% of employees admitted to making note of confidential records and contact details after handing in their notice. The primary reason is to get a head start in the new job and impress the new employer (80%), but as many as another 23% did so out of spite or revenge.
“There is a clear gap between businesses’ internal security procedures and the harsh reality of employee behaviour,” said Ross Brewer, vice president and managing director for international markets at LogRhythm. But the disturbing part is that if employers don’t know, or have no method of discovering, what their own staff are doing on the network, they are equally unable to see what an interloper might be doing. “With recent government proposals to increase the sharing of cyber threat intelligence among businesses, the first stage must be to ensure that more employers have the right level of visibility to track suspicious or abnormal behavior on their own networks – but this is clearly not happening,” continued Brewer.
Employers seem to be as optimistic about not being hacked as they are about their own staff – and this is clearly dangerous. The solution, for both the insider threat and the intruder, is greater network visibility. “One of the main reasons why the ‘era of the data breach’ is now hitting hard and fast,” says Brewer, “is that organisations just don’t have the level of visibility into their IT networks needed to secure their ever growing infrastructures. Employers therefore need to ensure they are proactively monitoring every single activity that occurs across their entire IT estate – both from the inside and the outside.”