Enterprises increasingly worry that their employees may be more willing to steal data or sell insider knowledge because of the poor economy, according to an annual security survey conducted by KPMG International.
Sixty-six percent of respondents felt that out-of-work IT staffers would be tempted to join the criminal underground, driven in part by threats to bonuses, job losses and worthless stock options.
The E-crime Survey 2009, presented at the E-Crime Congress in London on Tuesday, surveyed 307 private companies, government organizations and law enforcement agencies.
In the survey, KPMG said that fraud committed by managers, employees and customers tripled last year in comparison with 2007, which indicates that the recession will likely only exacerbate those problems.
Employees often have “super access” to sensitive company systems and know those systems' weaknesses. Companies need to have strict procedures for locking such individuals out once they no longer work at their organizations, the survey said.
The survey topped off a series of fairly gloomy presentations by security experts on the state of Internet security. Those experts are still seeing an exponential rise in the number of malicious programs along with a diminished effectiveness of antivirus software.
Figures released by security vendor Symantec Corp. show that more than 2.4 million strains of malware exist, said Malcolm Marshall, a KPMG partner in IT governance.
The security community could soon “face a potential meltdown in the way we do e-business,” Marshall said. That's partly because of IT professionals who aren't patching systems, cybercriminals refining their skills and a lack of security knowledge on the part of consumers, he said.
“We know that end users are broadly not sophisticated,” Marshall said. “The reality is we are seeing more sophisticated attacks aimed at sophisticated people.”
In other survey results, 45% of respondents who handle critical national infrastructure reported an increase in the number of attacks on their systems. Fifty-one percent of respondents from the same category said the technical sophistication of those attacks is getting better.
Sixty-eight percent said that of all kinds of malicious code, they felt that Trojan horse programs — which are designed to look harmless but can steal data along with other functions — had the biggest effect on their businesses. Rootkits are the next highest concern, followed by spyware, worms, viruses, mobile malicious code and, finally, adware.