BreachExchange mailing list archives
Employees or hackers: who poses the biggest threat to your IP?
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Wed, 22 Apr 2015 19:17:25 -0600
http://www.information-age.com/technology/security/123459364/employees-or-hackers-who-poses-biggest-threat-your-ip With breakthroughs in areas as diverse as agricultural drones, brain mapping and agile robots in 2014 alone, intellectual property has never been so invaluable. Companies in the IT and technology sectors rigorously protect against external threats to their ideas, such as those posed by hacking and data loss. They even litigate to ensure they are compensated for copyright breaches. But is the same level of attention paid to internal issues? In a recent survey of senior leaders in the UK’s largest IT and technology, by HireRight, eight in ten (83%) said their company is at greater risk from external threats than internal ones – such as poor leadership or hiring people who have the intent of stealing IP. If the right processes and people are not in place, the risks are just as great from either. As well as potentially losing ideas to competitors, by hiring the wrong people businesses risk overall business success, their reputation and opening themselves up to fraud. So where and why are companies going wrong when protecting themselves from internal issues – in particular ensuring they are hiring people with the best intentions and track record? In more than a quarter (29%) of IT and technology firms, it is possible that there are people on the board who have never in their entire career had their qualifications, experience or criminal record checked. In many (50%), it is simply presumed that someone applying for a leadership position can be trusted and that their application and interview are entirely accurate. However, this is not always the case – the research shows that in over half (53%) of IT and technology companies, screening has exposed a leadership lie – the highest of any sector. Damage to the reputation of the business is viewed as the biggest issue of not having the right leaders, followed by leadership that negatively affects business performance. It can also lead to poor processes being put in place to protect again IP theft. If it can result in so many issues, why aren’t leaders being checked more consistently? One problem is that during mergers and acquisitions – which are frequent in the sector – often two boards come together who have different minimum requirements or values. Organisations in this sector are least likely to screen senior leaders during a merger (70% compared to a 49% average). Perhaps it is inevitable then that in as many as one third (30%) of organisations who have been through a merger, there is a potential scandal lurking. In addition, the research suggests that many in the industry trust in an individual’s reputation and contacts when hiring. More than three-quarters (76%) said they rely on personal recommendations to inform recruitment decisions. It’s who you know, it seems, rather than what you know. The issue is not just with leadership. HireRight’s Quarterly Candidate Health Check takes the pulse of how truthful UK jobseekers are currently at all levels. The latest data shows that over half (56%) of successful applications contain errors. More than a third (35%) of HR directors admitted that people have been hired who would not have been if proper background screening had been conducted. People at any level are capable of embellishing the truth, either because they need to secure a job or because they intend to cause harm. How can IT leaders ensure they prevent this? They must ensure that they have a clear process in place for carrying out due diligence on candidates, as appropriate to the level of risk posed by their position. This needs to be understood and followed by all so that the best people are recruited with the right intentions and discussions take place during mergers that lessen the chances of a scandal emerging at a later date. In the wake of a number of high-profile reputational scandals, such as at the Cooperative Bank, the business world is starting to realise the importance of ensuring that everyone in a company has the skills and experience they say they do. In fact, reputational risk is rising up the boardroom agenda in more than half (59%) of IT and technology companies. With IP battles only likely to intensify, changes can’t come soon enough.
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus on the right security. If you need security help or want to provide real risk reduction for your clients contact us!
Current thread:
- Employees or hackers: who poses the biggest threat to your IP? Audrey McNeil (Apr 30)