Date
17 December 2017
Kenneth Wong of PwC says firms have to take care to disable the access permissions of employees when they leave the companies. Photo: EJ Insight
Kenneth Wong of PwC says firms have to take care to disable the access permissions of employees when they leave the companies. Photo: EJ Insight

Disgruntled ex-employees big threat to cybersecurity: PwC

Former employees are the insiders who are most likely to pose cybersecurity threats to companies, a survey by PricewaterhouseCoopers (PwC) has found.

Two out of five respondents in Hong Kong and mainland China say disgruntled former employees familiar with corporate security protocols and systems are the major internal threat to corporate information security, somewhat higher than the global average of 33 percent.

“Organizations in China will need to put more focus into compliance monitoring against their current employees and the employees leaving the organization [to see if they] have really disabled all access permissions,” Kenneth Wong, a partner in PwC’s risk assurance practice, said Wednesday.

Despite the growing danger posed by rogue insiders, Wong said, implementation of key insider-threat safeguards is not strong enough.

Only about half of the respondents take internal security measures such as using privileged-user-access tools, monitoring user compliance with security policies and instituting an employee security training and awareness program.

The study also found that companies’ competitors are the most likely source of external security threats, with 47 percent of the respondents in Hong Kong and China pointing to their competitors, while the global average is 24 percent.

“In China, it’s quite a common phenomenon that [rival] organizations use professional cybercriminals to try to find ways to steal very sensitive intellectual property information,” Wong said.

The Global State of Information Security Survey was conducted between March and September this year and was based on more than 9,700 responses worldwide, including more than 400 from Hong Kong and the mainland.

The average financial loss resulting from cybersecurity incidents in Hong Kong and the mainland jumped 33 percent from the same period last year to US$2.4 million.

It was higher than the Asia Pacific average of US$1.9 million but lower than the global average loss of US$2.7 million.

The sectors that are most vulnerable to cyberattacks are financial services, retail, energy and mining companies, and internet finance companies in mainland China, Wong said.

“Many more attacks are either going undetected or unreported … the actual value of stolen intellectual property or trade secrets is therefore likely to be much higher,” he said.

– Contact us at [email protected]

JH/JP/FL

EJ Insight reporter

EJI Weekly Newsletter

Please click here to unsubscribe