RSA, The Security Division of EMC, announced the findings of its latest insider threat survey, conducted among attendees at industry events in North America and Latin America in the spring and summer of 2008. The results of the survey show that employees are well aware of the restrictions placed upon them by their corporate IT departments, yet many often work around these controls in order to get their jobs done in a convenient and timely manner.
Of all respondents polled:
--94% are familiar with their organizations’ IT security policies, yet 53% have felt the need to work around IT security policies in order to get their work done.
--In response to a separate question, 64% frequently or sometimes send work documents to their personal email address in order to access and work on them from home.
--15% have held a door open for someone at work that they did not recognize
--8% frequently or sometimes access their work email via a public computer, and 65% frequently or sometimes access their work email via a public wireless hotspot
--One in 10 has lost a laptop, smartphone and/or USB flash drive with corporate information on it
--79% frequently or sometimes leave their workplace carrying a mobile device containing sensitive information related to their jobs, such as a laptop, smartphone and/or USB flash drive
--43% had switched jobs internally and still had access to accounts/resources which they no longer needed
--79% reported that their company employs temporary workers and/or contractors who require access to critical organizational information and systems
--37% have stumbled into an area of their corporate network to which they believe they should not have had access
Access to highly sensitive data should be granted only to those who need it, and in some job functions access to only very specific areas within the information infrastructure are necessary. Organizations can manage large numbers of users while enforcing a centralized role-based security policy that ensures compliance, protects enterprise resources from unauthorized access and makes it easier for legitimate users to do their jobs.
More information on the IT industry can be found at www.supportindustry.com