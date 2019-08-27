Infosecurity Group Websites

Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more
Latest
News

One in Four Security Pros Would Steal Company Info to Bag Better Job

A workplace behavior survey by Gurucul has found that a quarter of IT security professionals would steal information from their company if doing so might help further their career.

The survey was conducted at the 2019 Blackhat USA Conference in the form of a questionnaire. When asked "Would you take company information to help you apply for a more senior role at a competitor?" 24% of the 476 respondents answered yes. 

Interestingly, the respondents who admitted that they would steal company information were happy to do so on the mere promise that it might help their career progression. Perhaps a higher number of respondents would have said yes if the proposed theft was guaranteed to give them a leg up on the career ladder. 

Despite one in four respondents apparently one step away from making off with company data, the department in their company that those surveyed considered to be most at risk from fraud was the finance department. 

The survey also asked respondents about their internet use and found that 44% of respondents spend at least an hour a day at work surfing the web for non-work-related activities. More than a quarter (28%) spend at least two hours a day visiting sites that aren’t related to their jobs.

Which sites are IT security professionals visiting on the sly while at work? Social media tops the list at 32%. More than 10% people admitted to looking for a new job while at work, while 19% said they explored possible vacations.

Asked to consider external threats, 76% of respondents said they had tightened up third-party access to their systems in light of recent third-party breaches. The third-party vendors that respondents most expected to find in the library with the lead pipe along with a blushing Miss Scarlet were managed service providers (MSPs). 

The survey found 34% of respondents were most concerned about third-party access by MSPs, while 30% had a similarly bad feeling about developers. 

Commenting on how close an eye companies should keep on their employees, Saryu Nayyar, CEO of Gurucul, said: “Companies should draw the line at monitoring activity and access logs, not people. Identify threats with behavior-based security analytics. Don’t try to watch what every person is doing at all times to root out the malicious insiders. True threats will surface with the right technology, and users won’t feel like it’s 'Big Brother' if it’s analytics – just a bunch of numbers!"

Related to This Story

What’s Hot on Infosecurity Magazine?

1
Opinion

Why the Security Industry Should Pay Attention to the Cisco Whistleblower Case

2
News

Malicious Android App Makes Double Debut On Google Play

3
News

City of London Hit by One Million Cyber-Attacks Per Month

4
News

Astronaut Accused of Committing Cybercrime in Space

5
News

Over 50,000 UK SMEs Could Collapse Following Cyber-Attack

6
News

Over Half of Social Media Logins Are Fraudulent

1
News

New Threat Group Targets Middle East

2
News

One in Four Security Pros Would Steal Company Info to Bag Better Job

3
News

UK Gov Launches £30m 5G Competition

4
News

#OSSummit: Linux Continues to Pay the Price for CPU Hardware Vulnerabilities

5
News

Apple Fixes Jailbreak Bug For the Second Time

6
News

#OSSummit: Don’t Ignore GitHub Security Alerts

1
Webinar

Mastering the Security Art of Identity, Access & Authentication

2
Webinar

Security Frameworks: How to Spearhead Careers & Bolster Cyber Defenses

3
Webinar

Reducing Cyber Risks and Complexity Through Increased Visibility

4
Webinar

How SOAR Can Improve Security Operations, Monitoring & Incident Response

5
Webinar

DNS: From Security Risk to Defensive Asset

6
Webinar

Can You be Secure by Design, Compliant and Enable Optimum Functionality?

1
Blog

Security by Sector: Cyber-Attackers Targeting the Education System

2
Interview

Interview: Adnan Baykal, Global Cyber Alliance

3
News Feature

Webinar Report: How to Spearhead Careers & Bolster Cyber Defenses

4
Webinar

How SOAR Can Improve Security Operations, Monitoring & Incident Response

5
Opinion

#HowTo Gain Visibility of Third Parties

6
News

#Alevelresults: Cybersecurity Options Appear