A shocking 25% of employees would happily sell highly sensitive business information for as little as £5000, according to new research from Clearswift highlighting the insider threat facing firms.
The security firm interviewed 4000 staff members in the UK, Australia, US and Germany and found a quarter of them would risk both their job and a conviction for a monetary reward which amounts to less than three months of the average UK wage.
Just 3% said they’d sell corporate information for £100, but the figure rose to 18% for those who’d do so for £1000. That percentage rises again to 35% if the monetary reward offered is raised to £50,000.
Clearswift SVP of products, Guy Bunker, argued that while the research highlights a valid concern, a knee-jerk reaction would do more harm than good.
“Much of the problem comes from an inflexible approach to critical information protection. The key to using both policies and technology effectively against such threats is to truly understand what you’re up against,” he told Infosecurity.
“It’s an absolute must that organizations understand what their critical information is, where it is being stored, how it is communicated and between whom; the more people who have access, the greater the chance someone will misappropriate it. They must consider who might leak their data, under what circumstances, how they could do it, what would motivate them, and what the consequences would be for the company.”
Taking the above steps would give organizations a far better chance of predicting dangers and reducing their impact, Bunker argued.
“It also allows you to develop specific policies and deploy intelligent technologies that can support secure data sharing but identify and deal with suspicious activity, with minimal business impact,” he added.
“And of course, all of this must be done in a way that respects your employees. Happy, valued employees are far less likely to pose a threat in the first place.”