Survey says 88% of IT workers would steal data if fired.

I have to admit that this ArsTechnica article surprises and angers me:

A study conducted by security company Cyber-Ark indicates that a significant number of corporate IT personnel snoop sensitive data, and nearly 9 out of 10 would take company secrets and remote access credentials with them if they were fired. This could pose a serious security risk for many companies and expose them to industrial espionage and other dangers.

The results of the Trust, Security and Passwords study are based on a survey of 300 system administrators at the Infosecurity 2008 event in Europe. Of the study respondents, 88 percent admitted they would take sensitive data with them when leaving their current place of employment, and approximately one-third said that they would abscond with company password lists. That could be a serious cause for concern for companies that have complex and loosely secured technological infrastructure.

Cyber-Ark claims that one-third of companies participating in the survey experience data breaches and theft on a regular basis. Information is leaked to competitors through a multitude of vectors, including e-mail, portable devices, and USB thumb drives. More than a quarter are also the victims of internal sabotage.

I have worked for two of the Big Three automotive companies (Ford and General Motors) as well as a number of other companies where I had access to all sorts of sensitive data and information and not once did I ever consider stealing any of it. Not because of any possible consequences of such an action, but because it would be wrong to do so. I’ve worked at the General Motors Design Center in Warren where I saw all manner of prototype vehicles that car magazines would love to get the details on ahead of time as well as the Milford Proving Grounds where the prototypes were put through their paces. I worked in the Alpha Building at Ford Motor Company where literally gigabytes of data on whole car lines were stored on various PCs and network shares. When I was laid off from Ford, twice, I was seriously upset, but not once did I consider the possibility of taking anything with me.

Sure both companies had policies in place meant to make such thefts harder – certain workstations GM blocked writing to USB devices of any kind – but nothing that I didn’t have knowledge of how to circumvent and certainly nothing proactive enough to have stopped me had I wanted to take any data. I suppose I’m just too honest to think of such things. I have a sense of honor at the idea that I’m entrusted with the care and support of such data. It angers me that so many others would violate that trust because, at a minimum, it makes my job that much harder. Stupid and ineffective restrictions, like the blocking of USB devices, just end up getting in the way of fixing machines and just the fact that so many others are untrustworthy means I’ll be looked at with suspicion by association. Hell, it means I’ll be looking at my fellow colleagues with suspicion as well and that’s just not the sort of work environment I want to be in.

The fact that this survey was done by a security company probably means it’s somewhat inflated, but if it’s even remotely close to the truth it’s very upsetting indeed.

8 thoughts on “Survey says 88% of IT workers would steal data if fired.

  1. As you mentioned, the poll was performed by a security company. Anybody know the actual questions of the poll?  Depending on how loosely the poll defined “data” and “steal,” the numbers could be extremely skewed, which I’m betting is the case.  And even more telling would be the percentage of those who “stole” “data” that actually used it malicously. 

    But yeah, at face value, the numbers are pretty scary.

  2. You mean to say that stealing is wrong, even if God doesn’t exist?  What’s the advantage of being an atheist then- you can’t steal, and you go to Hell anyway?

  3. In my job I see things nearly everyday I can’t talk about, and haven’t once thought about taking anything. I agree 100% with Les here, it’s wrong on many levels to do so and I hope those respondents to the survey re-evaluate themselves.

  4. I know I would give the papers LOADS of prototype information if I were fired from an auto company

    Yeah that is probably because your a douchebag (based on you posts) Moloch.

  5. You’d be correct there, BFB. Every so often Moloch almost appears human and then he goes and opens his yap again and destroys the illusion.

  6. I’m with chief.  How are the questions presented?  I mean, yeah, I left my last job with a company password list – the list of MY passwords. 

    I used to work with electronic tax returns – I had some of the most sensitive access in that I had complete and unmonitored access to millions of tax returns.  The only thing I considered in the event of getting canned was making sure I didn’t forget any of my personal shit in the office.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.