A cyberattack could cost an organisation millions, but an employee within your company might be willing to give an outsider access to sensitive information via their login credentials for under £200.
According to a report examining insider threats by Forcepoint, 14 percent of European employees claimed they would sell their work login credentials to an outsider for £200. And the researchers found that, of those who'd sell their credentials to an outsider, nearly half would do it for less.
This willingness to sell on information likely stems from a lack of understanding about the true value of data - and the damage it can do to both organisations and individuals if it falls into the wrong hands.
According to the Forcepoint figures, 22 percent of employees don't believe or are unsure if data breaches incur a cost to the organisation, while 32 percent are unaware or unsure about the potential consequences of a breach.
But those consequences can include potentially millions being stolen, additional financial costs associated with investigating and fixing the cybersecurity breach and loss of revenue due to customers staying away because of the reputational damage.
All of these could potentially combine to bring a business down entirely - therefore making the insider threat something which organisations should take care of managing.
"Research has consistently shown that breaches caused by employees are among the most damaging around in terms of their financial and reputational impact," says Mike Smart, product and solutions director at Forcepoint.
"Organisations that ignore the potential security risks that can be caused by employees and other insiders miss an opportunity to strengthen their security posture and protect their companies more broadly"
Employee education could go a long way to fixing the holes left open by employees who are potentially willing to sell credentials for money.
It's also worth noting that staff foolish enough to sell passwords may be putting themselves at risk too, especially if they've used that very same weak corporate password across multiple personal accounts - their social media, their emails, even their online banking and shopping accounts could potentially be compromised by hackers simply using the password to gain access.
In order to do this, employers must take action to make data personal, making certain that staff understand that there is a association between their company and private accounts which that association must be managed.
"If you are victimization that very same word or those self same credentials for your personal knowledge, you are essentially harming yourself in addition," says Moyn Uddin, chief cyber risk officer at Cyber Counsel, a practice specialising in knowledge protection and privacy.
"We ought to be that specialize in awareness, obtaining staff to require possession for his or her actions and that is wherever the key's," he adds.
The report relies on a Forcepoint commissioned freelance survey of over four,000 workplace staff across the united kingdom, France, European nation and Italia - on attitudes toward knowledge protection and corporate executive threats.
ConversionConversion EmoticonEmoticon