Private sector companies, take note. If rivals in business are stealing the initiative from a company by accessing its confidential information, the culprit may be a saboteur within — a disgruntled staffer.
According to research by Symantec India, a global leader in infrastructure software, theft or leakage of confidential and classified data in most private sector companies is the handiwork of employees.
The research involved nearly 100 companies from across the telecom, hospitality, manufacturing, retail and technology sectors. Fifty-nine per cent of the enterprises believed employees at endpoints compromised security, either intentionally or unintentionally, by leaking data.
“Most enterprises have faced a cyber attack and suffered losses due to it. The report shows that on an average an Indian enterprise loses Rs60 lakh every year due to data theft or loss. This could go up to Rs84 lakh loss in productivity,” said Vishal Dhupar, managing director, Symantec India.
At a conference on cyber safety, Mumbai police commissioner D Sivanandhan said that in most cyber crime cases reported, it was found that the accused was an employee unhappy with his organisation.
The data lost could be identity, corporate confidential data, customer and client details and IP (internet protocol) theft. The report says that around 42% companies have lost proprietary data.
“In many cases, low-paid employees share classified information for money. Also, a disgruntled employee could do it to get back at the company,” said Sumit Chaudhary, chief information officer, Reliance Communications.
However, “in many cases, employees shared information without knowing that it was classified or without knowing the consequences of their act,” he added.
Employees could be using social networking sites, instant messaging services and blogs to be in touch with people. Any such communication could lead to a malware attack.
Use of smartphones, PDAs and notebooks where employees could store classified official information and also use it for work could be under threat if proper security measures are not taken, Dhupar said.
“Employers cannot stop employees from using these services but policies need to drafted and adequate security measures should be taken to avoid such losses,” he said.
As many as 82% of Indian companies use Facebook for business communication, the report says. Moreover, 69% of enterprises did not have a policy to control the use of social networking sites by employees.
Other than this, Google Talk and Yahoo Messenger instant messaging services are used by 69% and 61% of enterprises respectively. Google Talk has faced one of the worst attacks in the past with a Trojan called Hydraq affecting private organisations worldwide.
“Many companies do not take Data Loss Prevention (DLP) steps at all while most of them take minimal steps due to lack of budget allocation,” said Dhupar.
Experts from Symantec said that protection of confidential data or risk reduction could be done by creating a culture of security in the workplace, and taking needed DLP measures like discovering the data, monitoring it and then protecting using security software and mechanisms.