survey-1594962_1280-e1562163764464

Gurucul announced its results of a survey on workplace behaviour which was conducted at Blackhat USA 2019.

Of the 476 IT security professionals surveyed, it was identified that 24% would take company information in the hopes that it would help them apply for a more senior role at a competitor. Additionally, a further 27% of respondents admitted that they would steal company data whilst at work in order to help them apply for another role.

In the survey, respondents were questioned on their internet use at work, and it was identified that 28% of respondents spend more than two hours surfing the Web for non-work related activities.

Nearly a third of respondents (32%) cited that social media was among one of their favourite activities online when at work, whilst shopping was the top activity (24%). Many of the respondents (12%) admitted to searching for a new job whilst at their current jobs.

In light of recent third-party breaches, 74% of respondents stated they had tightened up third-party access to their systems, with managed service providers or MSPs (34%) and developers (30%) being the leading sources of third party risk.

When asked what department was most at risk from fraud, 32% of respondents cited the finance department, followed by C-level executives.

“What these findings show is that insider fraud is a top concern among IT security professionals, as are the security risks associated with third parties that have privileged access to corporate resources,” said Craig Cooper, COO from Gurucul.

“Since detecting insider threats by employees and trusted third parties is the ultimate game of cat and mouse, many leading-edge security organizations are using machine learning to compare the behaviour of all users against established baselines of ‘normal’ activity. This allows them to identify anomalous events and spot outliers so they can remediate threats early on.”

Article originally published on PrivSec:Report


PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.