• Covid-19 – click here for the latest updates from Forum Events & Media Group Ltd

Posts Tagged :

Code42

Threat to corporate data from departing employees ‘underestimated by businesses’

960 640 Stuart O'Brien

More than half (51%) of knowledge workers believe the risk to corporate data from departing employees is being underestimated and bigger than organisations think, while (87%) report their former employer has never approached them to verify they hadn’t taken data when they’ve left a job.

That’s according to Code42’s new Data Exposure Report, which concludes workers believe their employers aren’t protecting themselves against the departing employee insider threat and that data theft is posing a real danger to both former and new employers.

Other key findings from Code42’s new Data Exposure Report on insider threat include:

  • Three-fourths (75%) of respondents say that their new employer did not ask them if they had brought data from their previous employer
  • One-third (32%) of respondents who had infiltrated data were encouraged by their new employers to share it with new colleagues
  • The most common forms of data taken from a previous to a new employer are examples of one’s work (38%), followed by colleagues work and financial records (both 19%)
  • 17% also took customer lists or records, just over one in ten knowledge workers (14%) also took customer’s data — which could lead to a serious violation of GDPR
  • Two-thirds (63%) of respondents who said they have taken data are repeat offenders
  • Staff have the ability to access and therefore exfiltrate: data they didn’t create (73%), data they didn’t contribute to (69%), and 59% can see data from other departments

Code42 surveyed nearly 5,000 knowledge workers at companies with more than 1,000 employees in the U.S., U.K. and Germany.

“When it comes to data loss, leak and theft, for too many companies, the inside is their blindside,” said Joe Payne, Code42’s president and CEO. “Insider threat programs are not keeping up with today’s collaborative work culture. People and data are on the move now more than ever. Workers are switching jobs, and company files are being uploaded to the web, emailed as attachments and synched to personal cloud accounts. Our new report is a wake-up call for security teams that have traditionally relied on prevention-based security strategies for blocking when the rest of their organization is busy sharing.”

CEO Phone

75% of CEOs using unapproved programs and applications

960 640 Stuart O'Brien

A study by data security experts Code42 has revealed that 75% of CEOs admit that they are using applications and programs that are not approved by their IT departments, playing a game of chance with critical corporate data.

Despite the known risks facing organisations today, such as data breaches, business decision makers (BDMs) and CEOs are putting critical data at jeopardy, according to the report.

Three quarters of CEOs and more than half (52%) of BDMs admit that they use applications/programs that are not approved by their IT department. This is despite 91 percent of CEOs and 83 percent of BDMs acknowledging that their behaviours could be considered a security risk to their organisation.

IT decision makers (ITDMs) say that half (50%) of all corporate data in the enterprise is held on laptops and desktops, instead of in the data centre or centralised servers. In the U.S., this rises to as much as 60%.

Simultaneously, the significance of this data to the productivity and security of the business is well understood at the top of the organisation — with 63% of CEOs stating that losing this data would destroy their business. But, awareness of the risk is doing little to change adherence to proper security practices.

“Modern enterprises are fighting an internal battle between the need for productivity and the need for security—both of which are being scrutinised all the way to the CEO,” said Rick Orloff, VP and CSO at Code42. “By using unauthorised programs and applications, business leadership is challenging the very security strategies they demanded be put in place. This makes it clear that a prevention-based approach to security is not sufficient; recovery must be at the core of your strategy.”

www.code42.com