A somewhat self-serving survey ahead of an information security trade show in London next week reveals a third of workers can potentially be bribed into handing over company data. A poll of 600 workers at busy London railway stations found more than a third (37 per cent), admitted that they would hand over their organisation's …
"It's conventional wisdom that corrupt insiders - rather than hackers - pose the greatest security threat, but a recent survey by Verizon Business, which looked at real incidents of data breaches, found the opposite."
I know from personal experience that it's really easy to phone someone up, claiming to be from HR and ask them for their employee number. Once you have that, you can get their passwords reset. Then you can log in with their account and get whatever information you require.
It's FAR easier than trying to guess the password or crack into the system. Humans are always the weakest link in the chain and Verizon know that as well as anyone. How many times have government IT systems been breached and data stolen? Not many times (that we know about). How many times has a human been the weak link in the chain and left their laptop on a train or in a taxi?
Verizon are in the IT game though, so they're bound to trump up problems that they have solutions for and downplay the problems that they don't have solutions for...
Well, you need to make it profitable over the years one might spend in jail if found guilty of the offence. Taking 10k quid for 5 years in the clink just isn't good business sense. But if you take 1 million, you'll probably escape jail completely. Just look at how the biggest thieves are those who also never go to jail.
Workers are surprisingly loyal
Given that their employer will very happily fire them instantly for nothing more than a pat on the back from the shareholders, employees are surprisingly expensive to divert from the "right path".
This survey goes to show how much more loyal than the employer the employees are.
On a sidenote, this article is seriously lacking in the PH department.
Believe what you will, but the Truth will always find ITs WAI to Triumph Gloriously :-) ...
.... and at the Most Convenient/Inconvenient of Times.
"It's conventional wisdom that corrupt insiders - rather than hackers - pose the greatest security threat, but a recent survey by Verizon Business, which looked at real incidents of data breaches, found the opposite. The Verizon survey is well worth thinking about before placing too much weight on what people are apt to say at train stations."
But that was before everyone started to realise that the System is Corrupt, and Most Corrupt from the Top Down and that Loyalty is to Self is their Abiding Motto. ..... so the conventional wisdom is Spot On. Hackers are just a convenient distraction/scapegoat, although I'm sure they will have quite wonderful plans to even the score and remove the Blight/Blots on the Binary Landscape.
And who could blame them or even wish to whenever things are so dodgy and phishy.
give it up
When I was teaching, I used to tell my students that I was perfectly willing to sell the answers to the exam, but since it would spell the end of my teaching career, the price had to be "enough money so I will never have to work again for the rest of my life." No one ever took me up on it.
The offer still stands for any company data I might have access to, as long as I can't go to jail for industrial espionage or somesuch.
The other 2/3rds are lying.
Also, Amanfrommars is getting way to coherent.
Don't give me that crap about, "If I have enough money I could hide!". Balls! Interpol or the FBI would have you in clinky just like that! This is money making orgs we're talking about, terrorists can wait, but if a business loses so much a biro the law will be down you just like that!
"firms should be more wary of their workers".
Pay us more and we'll be happy. Don't overwork us and expect us to get by on a pittance. If a person is comfortable where they are, and satisfied with what they do for what they earn, the probability that they betray is MUCH lower than someone who's either underpaid or overworked.
Me? Not so sure that I'd do it.
I literally have the exact problem at the moment - whether or not to hand over company data for a very reasonable offer.
I've said that "I'm thinking about it"
It really is a difficult decision!
What to do???
Paris can be very persuasive!!
First, I endorse what Pierre said.
Second, I take some exception to describing the "greatest security threat" as "corrupt insiders." Mostly for phrasing reasons. I don't get the impression that these insiders are "corrupt" so much as "apathetic and resentful," and, as a consequence, corruptable. Disloyal, certainly. But is The Company going to show the employees any sort of loyalty, or indeed even any basic respect that isn't legally mandated? And keep in mind that Dilbert is the most painfully "it's funny because it's true" comic strip on the planet, even with talking animals.
If The Company would obviously stab you in the back if it was profitable, and/or if The Company just generally clearly does not care about you, why WOULDN'T you shank The Company for a nice dinner? The only incentive not to is the possibility of getting caught, which is probably the only reason why those numbers aren't higher.
Psst need data rapid like guv
It says a lot that staff would even consider this, apart from ethics, some people have standards, and some people are just plain scared of breaking the rules.
Still what sort of "slap up meal" is on offer, anything from Mcdonalds would do so long as it was extra larged, or if you wouldn't mind I'd prefer the honey trap personally.
Something a bit voluptuous, not scrag like Paris
U.S.$3.5 Million would just about do it at today's interest rates. That's a 50K a year income for life, if the liver holds up.
Sadly, nothing in our computers matters, is up to date or makes any sense whatsoever. The net worth of the enterprise database is about four and sixpence three farthings (the currency in use when the data was acquired).
Another dream, that of all-too-imaginable unearned wealth, dies on the vine.
As Pierre indicated, workers are surprisingly loyal. If they handle information so sensitive to their organization thay should be payed accordingly. Otherwise it is quite possible that paying their mortgage (AKA roof over their heads) is more important than their employesrs wellfare. The results for Credit Card data, wich if missused affects a third party, are completelly different. Peolple preffer to screw their employers than complete strangers....that says a lot about their employers IMHO.
Mine´s the one with the Carl Marx book and blanck CC's in the inner right pocket
Well, if someone asked me...
If someone offered me a choccy bar for a password, I'd take it.
Of course, I wouldn't give them the REAL password, and they'd not know the username or system involved either. So serves them right! I love responding to all the phishing emails with plausible but totally incorrect nonsense...
You owe them a week's work, they owe you a week's wages.
They should have offered Klondike bars, people will hand over the root password for one...
I have five hundred quid in small bills if you tell me the root password for your work system.
Something which could never be traced to you, with a cash offer? Of course, it would probably take a few tries to get a real password, and you might trip a few alarms if you hit someone honest first.
But I bet there's a lot of money to be made from just one companies network.
Can you figure out a way to pocket the bribe AND the reward for turning them in?
Criminals must be nostalgic for the good ol' days, when they could get all the access they needed for a bar of chocolate.
I'd do just for the fun.
Moving On........ into Green Fields and Titanic Quarters dispelling Holywood Myths.
"I literally have the exact problem at the moment - whether or not to hand over company data for a very reasonable offer.
I've said that "I'm thinking about it"
It really is a difficult decision!
What to do???" .... By Anonymous Coward Posted Wednesday 22nd April 2009 17:40 GMT
The very facts that your thinking about it and it is only a very reasonable offer would suggest that it will end in tears. If the data was worth anything, the company would be bought, lock, stock and barrel .... a la the SunNIOracle Fusion ....... which is surely Cloud Crowd Control CentrIQ.
Whenever Networks are Computers, is Reality Virtualised and BIOS MetaDataMorphed into an Artificial Intelligence Resource Feeding Networks Internetworking Oracles ....... Future Content.
And thus do CyberIntelAIgents Lead with IT Programs for Media BroadBandCasting/Plagiarisation/Feasting/Phishing ..... because that is what they are Groomed for. That is their Reason for Being.
And Now, would they Turn their Attention to, and the Harry Limelight Spotlight on, the Funny Money Currency and Banking System which Powers All Manner of Evil and Lays Waste to All with Subversive Debt Incursion Plans, which would appear to be its Suicidally Vulnerable, Catastrophe Guaranteed, Perverse Core Driver Methodology ...... rather than any Artificial Credit Distribution for Creative Empowerment with Fiat Paper, which would be a much Simpler and More Constructive Protocol, which would Immediately Sort out the Men from the Boys and the Good from the Bad.
Power is not Controlled by Creating Disadvantage. Control is Powered by Created Advantages with IT ..... with the Very Best in Better Beta Management of Universal Perception Systems ......[which you may like to consider as NINJAs in Cloud .... and NIRobotIQs into Critical Strategic StratovSpheres]*
* Optional Egghead/Deadhead Content .... which has one asking "Whatever happened to Alex Allan, the Chairman of the Joint Intelligence Committee and Head of Intelligence Assessment." ...... http://www.cabinetoffice.gov.uk/security_and_intelligence/community/news/new_jic_chair.aspx .... after his mysterious accident.
I thought DLP...
.... stood for Data LOSS prevention.
Half Price Data Sale - Everything Must Go !!!
Pffffft, I'd flog ANY company data for a tidy sum given half a chance.
What? Are we meant to feel some kind of loyalty herre? Dream on. Only a rampant idiot would be loyal to an organisation that doesn't give a shit about them. I've never worked for anyone who didn't "try it on" at some time or other, trying to wriggle out of pay, holidays, rises, promotion etc. etc. It's simply common sense - when companies turn it into a game, then both sides can play.
It's fairly sad
to think that so many people would be so easily persuaded.
It may well be that 'The Man' doesn't care much for his employees. But two wrongs don't make a right.
And handing over confidential personal information can end in so much heartbreak for the unlucky pawn.
A sad state of affairs indeed.
Re Half Price Data Sale - Everything Must Go !!!
In an Age like Today, when Information is King and Data Retention and Analysis are so much in Vogue and de Rigeur and Valuable, what do you think the Information you have Shared so Freely there ... [Posted Thursday 23rd April 2009 09:13 GMT] ... has done to your Chances of Advancement in any System of Advancement of Chances. Don't you Realise the Internet and Web Pages are a Virtual CV for Any and All who Boldly Go AIdDVenturing Opinions. Although that is not to say that one cannot Change from Sinner to Saint but it one would always need Compelling Guaranteed Evidence to easily Guarantee and Dismiss the One over the Other...... although an Easy Ability to Work for the Common Good in Both to the Detriment of Neither is a Skill which is a Priceless Asset Enjoyed by ....... well, whether a Select Few or QuITe a Few is One of Mysteries which is only Apparent to All of Them? And even that is a Question because it may be only a Select Few of them.
Even when IT is a Game, it is always Better to Play IT without betraying Yourself and showing Lack of Worthwhile Character, for what you Give is what you Get is True Enough to be an Absolute Rule in Temporal Conditions.
Reap what you sow
If businesses tried treating their staff with a little more respect they might find it wasn't necessary to be "more wary of their workers."
All employees need to become a lot more business minded to avoid feeling exploited.
Pierre: "Workers are surprisingly loyal given that their employer will very happily fire them instantly for nothing more than a pat on the back from the shareholders"
I agree entirely. Most workers are initially won over by the talk of their bosses and are lead to believe that by working hard for their company, they are then also investing in their own future. Employees are not working for their own future no matter what their bosses tell them. For a start, almost all bosses don't pay what an employee is worth (although they tell their employees they do). Bosses simply pay however low they can get away with. Also employees are not investing in their own future. They are investing in their bosses future. The proof of this, is that employees are not shareholders of the business they work for. That means legally the boss can make them redundant and the employee looses all their hard work, as the boss effectively walks off with their profits.
All employees need to become a lot more business minded to prevent them being so easy to exploit. This would also prevent employees feeling they were being totally unfairly exploited by their bosses. (This survey taps into that feeling of exploitation by offering people a chance to dream about finally getting something back from their company and so a sizeable amount jump at the chance. Although there is a difference between dreaming about selling info to actually doing it. I expect much less would actually do it, but it does highlight how unhappy employees are in their jobs).
I've found the most effective way to prevent being exploited is to judge people by what they do and not by what they say. Ignore totally their excuses and explanations and judge them instead on how they treat others. This works in every aspect of life. So it also helps to see through what a boss says.
I've also found it really helps in wage negotiations to know what my bosses are earning (and what I'm earning them). Everyone can legally find this information out by going to www.companieshouse.gov.uk. (Use their WebCHeck service).
(It only costs £1 per document, and I've found spending £20-£30 the best investment I've ever made. (The documents are end of year financial reports about what shareholders get etc.). Depending on how complex their company is (some bosses run more than one company and move funds between the companies, so its a bit of a paper trail to seek out the company which is really them).
I've found it a real eye opener to see what I've earn my bosses (to the point of being completely shocked at what I've found). It helps put into context what bosses tell me. It also makes me less afraid of feeling guilty to ask for more money in pay reviews and less willing to just work for free for the betterment of the company knowing I'm not going to see a return on investment. Its a far better quality of life to simply enjoy more free time instead. (Unless they are willing to pay me extra to give up some of my free time). All employees need to become a lot more business minded.