Departing Employees Steal Corporate Information Join Competitors

InfoWatch Analytical Center has released a global report on publicly known enterprise data leaks triggered by destructive actions of leaving or dismissed employees. In 2017, over 50% of all cases were associated with unauthorized data copying and transmission to third parties, including competitors.

«Employees who decide to leave their employer often try to use corporate information for their own benefit,» said Sergey Khayruk, Analyst at InfoWatch Group.. «Such actions always lead to either financial or reputational losses. In more than 50% of all reviewed cases, when leaving or dismissed employees compromised corporate data, there was direct damage to their employers.»

The report authors note that disloyal privileged users are especially dangerous for employers, as C-level executives, department directors, and system administrators have access to a wide range of corporate data, including trade secrets and know how. Moreover, being familiar with internal business processes, they can use their knowledge to inflict maximum possible damage on their former employers,” noted Sergey Khayruk.

In 2017, privileged users were behind 19% of incidents associated with compromised enterprise data, with more than 80% of all cases being caused by ordinary staff. Most rank-and-file employees steal corporate information either for personal gain or for the benefit of their employer‘s competitors, whereas top managers generally act out of revenge or other reasons that have nothing to do with money.

In 28.6% of all such incidents that damaged employers, malicious employees compromised enterprise data less than a week prior to leaving, with some 20% more violations taking place several weeks before that. At the same time, the majority of such breaches (52.4%) happened over a month before the planned leaving.

Almost half of the leaving employees took away or viewed databases containing personal details of their colleagues, employer's customers or partners, with one-third of all disloyal employees illegally grabbing trade secrets and know how.

Healthcare institutions (27.8%) and government agencies (19.4%) were the most typical victims of leaving malicious employees, while the retail and transportation sectors were hit the least (2.8% of such incidents each).

The majority (over 60%) of cases when leaving employees illegally used corporate information happened in companies with 100–500 people on the staff.

«Behavior patterns of malicious employees who temper with corporate data are impossible to analyze by traditional security systems, as they overlook subjective factors and thus fail to predict employee leaving or associated risks,» added Sergey Khayruk.. «However, the evolving predictive analytics solutions that leverage enterprise database and information flows and are powered by artificial intelligence and machine learning, can already process and analyze huge volumes of data accumulated by an enterprise, accurately predict personnel behavior and proactively identify employees who are about to leave, thus preventing related HR and financial risks.»

Download report

Full version pdf - 940 KB

Background

The report is based on the InfoWatch Analytical Center's proprietary database updated and maintained by its experts since 2004 and containing tens of thousands of recorded incidents. The database aggregates publicly available cases of data leaks, which hit business, non-profit, public, municipal organizations, and government authorities, and resulted from intentional or negligent actions by employees or other parties involved. The report includes confidential data leaks from Russian and foreign companies in 2017, as well as other publicly available information on destructive actions of leaving employees that affected their employers’ information assets.

l.12-.057c.834-.407 1.663-.812 2.53-1.211a42.414 42.414 0 0 1 3.345-1.374c2.478-.867 5.078-1.427 7.788-1.427 2.715 0 5.318.56 7.786 1.427z" transform="translate(-128 -243)"/>