Clear disconnect between perceived risk and actual behaviour, as one in five employees admit to accessing or stealing private company information while at work
(firmenpresse) - Clear disconnect between perceived risk and actual behaviour, as one in five employees admit to accessing or stealing private company information while at work
10 April, 2013 â LogRhythm, the leader in cyber threat defence, detection and response, today announced the results of a survey that suggests businesses are placing too much trust in their employees when it comes to safeguarding company data. In a survey of 1,000 employers, conducted for LogRhythm by OnePoll, 80 percent do not believe any of their workers would view or steal confidential information, while three quarters (75 percent) admitted to having no enforceable systems in place to prevent unauthorised access to company data by employees. Interestingly, a third of those employers believe that they do not need such systems at all. In addition, around two thirds of companies surveyed (60 percent) do not regularly change passwords to stop ex-employees being able to access sites or documents.
However, in a corresponding survey of 2,000 employees, 23 percent admitted to having accessed or taken confidential data from their workplace, with one in ten stating that they do it regularly. The most accessed confidential data related to details of colleague salaries (38 percent) and details of colleague bonus schemes (23 percent). An astonishing 94 percent of those who had accessed confidential information or stolen company data had never been caught.
âThere is a clear gap between businessesâ internal security procedures and the harsh reality of employee behaviour,â said Ross Brewer, vice president and managing director for international markets at LogRhythm. âIn an era where data breaches are considered inevitable, and with the government urging for greater consideration of cyber threats within businesses, the amount of employers who are doing nothing about unauthorised access across their networks â and the even higher number who donât perceive any risk at all when it comes to employee data theft â is staggering.â
âEven more worrying than the lack of systems in place to stop employees stealing data is that many organisations still have no idea whatâs happening on their networks at all. With recent government proposals to increase the sharing of cyber threat intelligence among businesses, the first stage must be to ensure that more employers have the right level of visibility to track suspicious or abnormal behaviour on their own networks â but this is clearly not happening,â continued Brewer.
When asked, more than a quarter (27 percent) of employers could not identify the biggest threats to their confidential data, while 14 percent did not even know whether employees have stolen data â even though they believe employees would do so.
âItâs one thing to place too much trust in your employees and consequently neglect to enforce any systems monitoring unauthorised access and stealing of data. However, the fact that 14 percent of employers think their employees would steal data, and yet have no idea whether or not this has actually happened to them, is simply unacceptable. One of the main reasons why the âera of the data breachâ is now hitting hard and fast is that organisations just donât have the level of visibility into their IT networks needed to secure their ever growing infrastructures. Employers therefore need to ensure they are proactively monitoring every single activity that occurs across their entire IT estate â both from the inside and the outside â rather than placing too much trust in reactive perimeter defences or security strategies focused on securing particular areas of the IT estate, which donât give organisations any insight into anomalous network activity.â
LogRhythm advocates that is essential that organisations make better use of the data generated by networks so that data breaches â whether internal or external â can be identified before they have a chance to escalate. Using security intelligence platforms such as Security Information and Event Management (SIEM) as part of an integrated Protective Monitoring strategy enables automated, centralised collection and analysis of log data that ensures anomalous behaviour is identified as it occurs. Developing this deep insight requires the ability to see even minor changes that may occur across the IT estate, such as files being accessed without permission or altered or copied to portable storage devices.
âAs cyber threats increase in severity and complexity, organisations need to really understand the difference between ânormalâ and âabnormalâ behaviour across every dimension of their electronic enterprise and give context to any anomalous network activities. Only then will employers have the necessary visibility to combat unauthorised employee activities â which will no doubt only continue to escalate with increasingly connected workplaces,â concludes Brewer.
The full findings of both surveys can be found here:
Employers: http://logrhythm.com/Portals/0/resources/LogRhythm_survey_results_4.2013_employers.pdf
Consumers: http://logrhythm.com/Portals/0/resources/LogRhythm_survey_results_4.2013_employees.pdf
About LogRhythm
LogRhythm is the largest and fastest growing independent Security Information and Event Management (SIEM) provider in the world. The companyâs patented and award-winning SIEM 2.0 Big Data Security Analytics platform empowers organizations around the globe to detect breaches and the most sophisticated cyber threats of today, faster and with greater accuracy than ever before. LogRhythm also provides unparalleled compliance automation and assurance as well as operational intelligence to Global 2000 organizations, government agencies and mid-sized businesses worldwide.
Positioned as a Leader in Gartnerâs 2012 SIEM Magic Quadrant and listed as a âChampionâ in Info-Tech Researchâs 2012 SIEM Landscape Report, LogRhythm also earned a perfect, 5-star rating and this yearâs exclusive âBEST BUYâ in the SC Magazine SIEM Group Test. Additional awards have included Computing Securityâs Bench Tested Solution of the Year, SC Labsâ âRecommendedâ 5-star designation twice, SC Magazineâs Innovator of the Year Award, Readers Trust Award for âBest SIEMâ solution and âBEST BUYâ designation for Digital Forensics. LogRhythm is headquartered in Boulder, Colorado with operations in Canada, Europe and the Asia Pacific region.