We were pretty enthralled by last week’s article over at The Register, which covered a survey that claimed that one third of employees would sell sensitive company information — including IP, financial records, and customer credit card details — for the right amount of money. But that’s not even the shocking part. The survey went so far even as to claim that a small percent of employees (3%, to be exact) would be willing to sell this information for a measly £100 — that’s $156.02 to those of us over here in the colonies. Roughly a quarter of surveyed employees would sell sensitive data for £5,000, and that number increased to 35% when the bid was upped to £50,000.
Those are some shocking statistics, but reactions to them vary. There were some interesting points brought up in The Register’s comments section.
Just pay your employees who have access to sensitive data accordingly, one user posted.
One might counter if your behavior is modified primarily by money rather than morals and ethics you may be part of the problem, another retorted.
“Someone else pointed out, Morals and ethics don’t pay bills and debt.”
It’s hard not to immediately get caught up in this sort of debate. $150 seems like an astonishingly low reward for anyone to be willing to do such an act. But when you consider that almost half of Americans say that they couldn’t afford a surprise $400 bill, it starts to make you wonder: are these people driven by greed, or desperation?
In the end, does it actually matter?
The argument reminds us of the thoughts we had in response to an IT World Canada article, in which a security professional made the claim that well-treated employees don’t commit insider crimes. In a similar vein, will well-paid employees sell data?
The answer is maybe and that still should be enough to scare you. We have no way of knowing whether the results of this particular survey are the result of economic downturn or a reflection of greed and low morals. Ultimately, however, the reason shouldn’t matter. Chances are, 35% of your organization is a pretty large chunk of people. It only takes one to cause a major breach.
Is that a gamble you’re willing to take?
Some people may look at the results of this survey and, after an initial reaction, lull themselves into a false sense of security.
“I only hire good guys, they wouldn’t do that to me.”
“I pay well, my employees don’t need to sell data.”
“I trust my workers. This survey isn’t talking about me.”
There are people out there who could be paid extremely comfortable six-figure salaries and still be willing to sell out your data for a quick buck. The scary part is, you don’t know who those people are or what will happen if they ever get the opportunity. If there’s anything we’ve learned from past experience, it’s that even companies who feel totally secure can get burned.
This survey is yet another indication that the insider threat is a bigger problem than people realize. Trust your employees, but verify to make sure that trust isn’t misplaced. After all, you have no way of knowing what someones number is it may be lower than you’d think.
Worried about a data breach? Dtex’s user behavior analytics software provides ironclad insider threat detection. Contact us to see how we can help.