I’ve been at the RSA Conference all week, so I just noticed an intriguing news item from The Register on Monday. The article details survey results from an unnamed security vendor, concluding that one-third of workers are open to bribes for data theft. It’s beyond the scope of this blog to speculate on the statistical validity of a poll of 600 workers passing through London railway stations, but nonetheless the survey (and the numerous online responses generated by article) are food for thought.
According to The Register, the survey reveals that:
- 37% of respondents admitted they would hand over their organization’s most sensitive data for bribes ranging up to a million pounds.
- Two-thirds of respondents said they’d only engage in data theft for at least one million pounds, although 10% said they would do it if their mortgage was paid off.
- 2% of respondents said they’d be willing to hand over their company’s data in exchange for a slap up meal (which I hear is the British equivalent of a nice steak dinner).
What I find most interesting about this article is the comments thread posted on The Register’s site. If you want to sample the degree of cynicism and disgruntlement of employees (many of whom I’m guessing are security professionals if they’re reading The Register), I suggest you read through them. During periods of massive corporate layoffs, pay cuts and forced vacations, it’s naive to assume that employee loyalty will remain intact. Organizations must adjust their risk management strategy and internal controls to compensate for this fact. A key ingredient is to limit and monitor access to sensitive data and to proactively address the risk of privacy breaches, fraud, and IP theft.