Skip the navigation

With economic slump, concerns rise over data theft

Security breaches will go up as a result of the downturn, McAfee says

By Robert McMillan
January 29, 2009 12:00 PM ET

IDG News Service - Is the worsening economic situation going to turn some employees into data thieves?

That's a top concern amongst IT decision-makers, many of whom say that laid-off employees are the biggest security threat created by the economic downturn. In a McAfee Inc.-sponsored worldwide survey (registration required) of 1,000 IT decision-makers, the company found that 42% of respondents felt that laid-off employees represented the biggest IT security threat caused by the recession. That's more than were worried about outside intruders. And 36% said that they were worried about security problems caused by employees in financial stress.

Crime rates spike during hard times, and with thousands of workers being laid off each week lately, there may be an added incentive for laid-off employees to take intellectual property with them to bolster their chances of getting hired with a competitor, to use with a start-up company of their own, or maybe even to sell.

"The economic downturn across the board is going to provide additional motivation for people who would want to do harm," said Seth Bromberger, an information security manager at PG&E in San Francisco. "It's on a lot of people's radar right now."

According to Bromberger, companies that have their employee exit processes in order have less to fear from laid-off workers. It's just that with the current economic squeeze, people's motivation may be changing.

Layoffs can fray employee loyalty, and there certainly is money to be made selling all kinds of corporate data.

Last August, the FBI arrested Rene Rebollo, a financial analyst at subprime mortgage broker Countrywide, for allegedly selling Excel spreadsheets containing customer information for about two-and-a-half cents per record. Over a two-year period, he may have made $70,000 from the scam, the FBI said. His annual salary was $65,000.

According to court filings, Countrywide had security software that disabled the use of USB drives on its PCs. But Rebollo found one PC that didn't have the software and was able to download about 20,000 records each week onto his personal thumb drive, which he'd later e-mail to a buyer, the FBI said.

USB drives are one of the most underestimated sources of data leaks, says McAfee CEO Dave DeWalt. "For $100, you can buy a 100GB drive," he said. "100GB can be the entire customer base for an entire large company."

An economic slowdown can create other computer security problems too. As businesses fail and are bought, that churn can lead to management chaos within IT groups. Workers aren't sure how to report security concerns, or to whom, and existing controls may not be monitored as roles are switched and jobs are lost. In addition, workers may not want to report security issues for fear of jeopardizing a co-worker's job or drawing unwanted attention to themselves.

Reprinted with permission from IDG.net. Story copyright 2014 International Data Group. All rights reserved.
Our Commenting Policies
IT Salaries 2014
2014 Salary Survey

Our 28th annual survey results show which IT skills are in high demand and which are cooling off. Also, see how your salary stacks up to peers' with our Smart Salary Tool.