Story image

Singapore, Aus employees admit to snooping around corporate networks

24 Oct 17

Employees in Singapore, Australia and across the globe are increasingly snooping their employer’s networks to deliberately seek information they are not permitted to access – and almost half of employees admit to doing so.

A new report from One Identity revealed that 94% of Singapore respondents said that employees in their organization try to access information that is not necessary for their day-to-day work, and 16% said it happens frequently.

When the employees themselves were asked, 47% of Singapore employees admit to looking for or accessing information about their company’s performance - information that is not required to do their job.

In Australia, 83% of respondents say their employees try to seek information and 65% of employees admit they have searched for or accessed information they did not need.

“Even though the majority of threats Australian organisations face due to their own employees tend to not be of malicious intent, the research shows a large amount of intrusive examining of information from employees when the data is outside of their responsibility. In reality, it could be that bit of intrusive meddling that puts organisations in a dilemma,” comments Richard Cookes, country manager ANZ, One Identity.

“Without proper authority of access permissions and rights, employees have a free-for-all to move about the business and access sensitive information such as financial performance data, confidential customer documents, or an executive’s personal files. If that valuable information ends up in the wrong hands, corporate data loss, customer data exposure or compliance violations are possible risks facing organisations that could result in irreversible damage to the business’s reputation or financial standing. The concern this should highlight is that organisations are very open to social engineering attacks where someone might join a company legitimately to attack it from within verses an external frontal assault. This makes protection of privileged access systems and applications from within even more important.”

IT executives are the most likely culprits by level: Globally, 71% of executives admit to seeking information, compared to 56% of non-manager-level IT security team members. Only 17% of non-manager team members admit to seeking information.

Smaller companies are also prone to bigger snoops: 38% of IT security professionals at companies with 500-2000 employees admit to snooping. At larger organisations, 29% of respondents admit to the deed.

“The alarming results of our study prove that employees in Singapore have a free reign to access sensitive information including financial performance data, confidential customer documentation, or even CEO’s personal files. Meddling with confidential information, even if it is non-malicious in intent, could lead to a serious damage to the business’s reputation and financial standing,” comments Lennie Tan, VP & GM of One Identity, Asia Pacific & Japan.

Globally, those who work for technology companies are more likely to search for information (44%), compared to 36% in financial services and 21% in healthcare.

“Businesses across the Asia Pacific region need to realize that potential cyber threats are not only coming from the outside of their organization,” Tan concludes.

Disruption in the supply chain: Why IT resilience is a collective responsibility
"A truly resilient organisation will invest in building strong relationships while the sun shines so they can draw on goodwill when it rains."
Businesses too slow on attack detection – CrowdStrike
The 2018 CrowdStrike Services Cyber Intrusion Casebook reveals IR strategies, lessons learned, and trends derived from more than 200 cases.
What disaster recovery will look like in 2019
“With nearly half of all businesses experiencing an unrecoverable data event in the last three years, current backup solutions are no longer fit for purpose."
Proofpoint launches feature to identify most targeted users
“One of the largest security industry misconceptions is that most cyberattacks target top executives and management.”
McAfee named Leader in Magic Quadrant an eighth time
The company has been once again named as a Leader in the Gartner Magic Quadrant for Security Information and Event Management.
Symantec and Fortinet partner for integration
The partnership will deliver essential security controls across endpoint, network, and cloud environments.
Is Supermicro innocent? 3rd party test finds no malicious hardware
One of the larger scandals within IT circles took place this year with Bloomberg firing shots at Supermicro - now Supermicro is firing back.
25% of malicious emails still make it through to recipients
Popular email security programmes may fail to detect as much as 25% of all emails with malicious or dangerous attachments, a study from Mimecast says.