Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
eWEEK.com
Search
eWEEK.com
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cloud
    • Cloud
    • Cybersecurity
    • Innovation
    • IT Management

    Research Indicates CEOs, Other Execs Routinely Steal Company IP

    By
    CHRIS PREIMESBERGER
    -
    August 3, 2018
    Share
    Facebook
    Twitter
    Linkedin
      Insider.Threat

      Security professionals have always contended that the weakest link in any security system isn’t the hardware or software—it’s nearly always a human or humans who interact with it.

      A new study from information security vendor Code42, released July 24, bears witness to this once again, only this time the research reveals a rather disturbing trend: That a majority of CEOs and other business leaders, whose responsibility it is to oversee the protection of their enterprise’s most valuable assets, engage in exactly the type of risky behavior that jeopardizes their businesses’ intellectual property.

      Such are the foibles of humanity–only this particular type of foible can be extraordinarily devastating to a business enterprise if allowed to continue with impunity.

      Knowingly Flouting Data Security Best Practices

      In fact, Code42’s researchers found, a high percentage of executives admit to have knowingly flouted data-security best practices and company policies by doing one or more of the following:

      • taking intellectual property upon leaving their previous employer;
      • keeping a copy of their work on a personal device, outside the relative safety of a company server or in a company cloud;
      • clicking on questionable links, putting their data at risk from malware; and
      • downloading unsanctioned software.

      Some of the conclusions of the study were:

      • Even the strongest data security policies and perimeters are no match for human emotion and behavior.
      • Without visibility to employee endpoints, IT can’t protect valuable company data. Yet, they’re expected to.
      • Despite the expense and effort of setting up security perimeters, CISOs and CEOs are planning for data breaches—stockpiling cryptocurrency and paying the ransom when they happen.
      • While companies know that prevention-only strategies don’t work anymore, most haven’t yet evolved to meet the new challenge.

      IP Theft Widespread?

      What were the most surprising aspects of this survey for Code42, outside of how widespread this IP theft practice is?

      “I don’t think anybody in this industry should be particularly surprised about how widespread IP theft is by departing employees, but it is startling that Code42’s data security research uncovered that so many CEOs would admit to taking information,” Code42 Chief Information Security Officer Jadee Hanson told eWEEK. “I think the reason they walk away with their company’s IP and likely will continue to do so is that people feel entitled to their own work, so they probably don’t consider it stealing.

      “And maybe they don’t even realize they’re stealing it because they aren’t knowledgeable enough about IP policies and regulations. If that’s the case, then I’d consider that to be alarming, too – if anybody, executives need to know the rules backwards and forwards.”

      A couple of other findings in particular struck Hanson as surprising.

      “It’s staggering that so many executives are stockpiling cryptocurrency to pay ransom,” Hanson said. “Our study showed that many executives have already paid a ransom, which is a very dangerous practice. For one thing, it enables and emboldens cybercriminals. From my standpoint, it shows how important it is for organizations to enhance their security plans beyond just prevention. A robust security program needs to include prevention and detection with a large focus on visibility across the environment.”

      Nearly Two-Thirds of Respondents Breached in last 18 Months

      As a CISO, Hanson said he found it startling that 61 percent of the respondents have been breached in the last 18 months.

      “I expected the proportion of impacted companies to be high, but I did not expect that over half of the research respondents would have been impacted in that short timeframe,” Hanson said. “Securing your company’s information is not an easy job; it’s important that focus be applied to not only prevention, but detection and full visibility as well. Being in security means that bad things will happen. When they do, you want to make sure you are positioned with the right visibility and recovery tools and services to bounce back.”

      So what can infosec execs do about this? They are definitely caught in the middle.

      “Infosec execs need to be proactively aware of what’s going on in the industry and within their own organization,” Hanson said. “They need to be serious about educating their employees and turning them into data advocates.”

      Code42’s data security study showed that three-quarters of CISOs believe they can enhance their security strategies by combining prevention and recovery together, so there’s definitely an awareness that strategies need to change. Four best practices that all CISOs should be doing every day, according to Hanson, include:

      • Take a proactive stance on data security beginning as soon as you hire employees by outlining their security responsibilities to your company. If employees are terminated because they didn’t meet their data security responsibilities, create an anonymous case study to use as part of your ongoing employee education training.
      • When an employee has submitted his/her resignation, reply by thanking them for their service, conducting an exit interview where you acknowledge that they’re trusted, remind them about adhering to company policy–and have them sign a document that summarizes IP law and their obligations to safeguard your corporate IP.
      • In terms of technology, have the type of solution in place that gives you visibility to data movement throughout the network in real time by identifying all types of files that are moved from a device, who is moving them, and when and where they’re being moved.
      • Follow up on all alerts in a timely manner. Communicate what you saw with the employee. It really doesn’t matter if it was a non-malicious or an actual malicious act. At that point, you’re just protecting your IP.

      About the Data Exposure Report

      The security, IT and business leader portions of the research for this report were conducted by Sapio Research, an independent research consultancy based in the United Kingdom. The survey was completed, via online response, during February 2018.

      The research surveyed 1,034 security and IT leaders, including CSOs, CTOs, CISOs and CIOs, as well as 600 business leaders, all with budgetary decision-making power. All respondents came from companies with at least 250 employees. A total of 61 percent of the business leaders and 58 percent of the security and IT leader represent companies with more than 1,000 employees.

      To check out the study, go here.

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      CHRIS PREIMESBERGER - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      CHRIS PREIMESBERGER - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      EWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      ZEUS KERRAVALA - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      WAYNE RASH - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Info

      © 2020 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×