This article is more than 1 year old
A third of workers admit they'd leak sensitive biz data for peanuts
And three per cent of employees would consider offers as low as £100
A third of employees would sell information on company patents, financial records and customer credit card details if the price was right.
A poll of 4,000 employees in the UK, Germany, USA and Australia found that for £5,000, a quarter would flog off sensitive data, potentially risking both their job and criminal convictions in the process. The number of employees open to bribes increased to 35 per cent when the offer was increased to £50,000.
But a small minority of workers (three per cent) would sell private information for as little as £100, according to a poll sponsored by net security firm Clearswift. The exercise was designed to highlight the well-understood problem of insider threats posed by potentially corrupt or disillusioned employees.
Corporate data is potentially valuable to competitors, foreign governments and criminals and employee bribery can prove easier than pulling off a sophisticated hack.
The issue is more complex than just workers being open to bribes, because it encompasses a wide range of actions and motivations. Edward Snowden has being the poster child of infosec marketing types keen to talk about insider threats for months. Accusations that insiders or ex-workers might somehow be involved in the high-profile Ashley Madison and Hacking Team breaches have served to increase interest in the area.
The opportunity to sell valuable information is increased by the ready access most employees have to sensitive data. Most of the respondents (61 per cent) said they had access to private customer data, 51 per cent to financial data such as company accounts or shareholder information, and 49 per cent to sensitive product information such as planned launches and patents.
A related Clearswift survey of 504 information security professionals, also conducted by technology research firm Loudhouse, found 62 per cent reckon workers don’t care enough about the implications of a security breach to change their behaviour. ®