business , security

Unhappy employees Risk Factors

April 10, 2009

Employees are a greater risk to computer-security for companies than the much-feared hacker, and experts say. Eight in 10 computer-security breaches are caused by staff members, many of whom are simply disgruntled, says a risk consultant

Eighty per cent of IT security breaches are the result of actions by staff

Fifty per cent are disgruntled employees, sitting there with a gripe against the company

Often, they strike back because they feel they are underpaid or are about to be dismissed. Most of the rest do it for fraud, with a small minority of computer-security breaches a result of negligence, he added.

Employees who work closely with the computer system pose the greatest risk. These guys are inside any security measures you put them in. They are trusted personnel, especially IT managers. They are gods on the network and can see any information they want” and, thus, can wreak the most damage.

There are three types of security breaches to which the employer is exposed: Breaches of sensitive or classified information. These can simply be the weapon of a disgruntled employee trying to seek revenge, though fraud is often the motive. Selling a companies proprietary software code to a competitor is a increasingly common example.

Corrupting files by deleting or changing the data is usually the act of someone seeking revenge for perceived mistreatment and it would be very difficult to discover before the damage is done.

 

Encryption is where a vital database is either deleted or encrypted. In the latter case, the data is still there, just inaccessible. An employee, working on a contract basis, who encrypted files so that nobody else could access them once his contract expired. The motive, it was discovered, was he hoped to be offered a new contract to help the company access its “”lost” data. If the encryption is secure, then the company would find it difficult to undo the damage.

Much of the work is done using time-bomb viruses, which kick in only several weeks after the employee has left the organization.

In some cases, negligence — “”lack of education” can also cause security breaches.

People have these IT systems and are taught how to use them but are not necessarily taught about security.