You can’t buy loyalty, but if you’ve got enough money, you can buy sensitive corporate information from disaffected office workers. At least, that’s the finding from UK infosec firm Deep Secure, which today published its ‘What is the Price of Loyalty’ report.
Among other things, the paper shows that 15 percent of all UK employees would hand over corporate information for £1,000 (about $1,260). This includes confidential market and sales information, as well as details about colleagues and customers.
Shockingly, Deep Secure found that one in ten workers said they’d sell intellectual property, like product specifications and source code, for £250 (about $315) or less.
The report takes pains to state that this isn’t hypothetical, but is rather an ongoing threat to organizations, with 59 percent of office workers claiming to have taken sensitive information from their workplaces without proper authorization. It’s worth noting, however, that this isn’t always inherently nefarious in intent.
Some 12 percent of those who admitted exfiltrating data from their workplaces said it was to keep a record of their work. The same amount of people said they took data from their job in order to help them in a future role.
While this is obviously against the rules of their workplace, it’s not necessarily harmful to the organization. However, 47 percent of those that stole data from their place of employment say they gave it to a third-party, either to their new employer or new colleagues, or in 17 percent of cases, to an unknown actor.
There’s a generational factor at play here. 19 percent of all employees in graduate-level roles told Deep Secure they were paid to source information for a third-party, while 29 percent of office workers aged between 16 and 24 report being approached by an outsider for company data.
That’s not really a surprise. Entry-level jobs pay the least. As you climb the corporate ladder, stealing company data for profit is an easy, albeit potentially career-ruining, way to make some extra cash. While £250 isn’t a lot of cash, if you’re struggling to get by, it could easy cover a credit card payment or a utility bill.
Dan Turner, CEO of Deep Secure said: “The cost of employee loyalty is staggeringly low. With nearly half of all office workers admitting that they would sell their company and clients’ most sensitive and valuable information, the business risk is not only undisputable but immense.”
Turner goes on to suggest that workplaces invest in the tools designed to fight data exfiltration. The report shows that 11 percent of those that sent data to a third-party used email, an online cloud storage service, or an external storage device, like a thumb drive or CD-ROM.
You could make the case that if you get to that point, you’ve probably already lost the battle, and that any sufficiently motivated adversary would find a way to circumvent any protections. In this scenario, prevention is almost certainly better than the cure.
What does that mean? Developing a culture of loyalty across staff. That’s easier said than done, but a good start is by paying employees a competitive (and crucially, living) wage, as well as removing toxic elements from the workplace.