Recession Turns IT Workers Into Hackers
Economic downturn pushes computer geeks into cybercrime for revenge, profit.
March 6, 2009— -- If you think the IT guy at work is annoying now -- does he really have to roll his eyes when you ask him where to find to the power switch? -- just wait until he steals $5 million dollars from the company.
As the recession unfolds and companies lay off an increasing number of employees, firms face a new and growing threat in the form of disgruntled technology workers with access to a corporation's best-kept secrets.
Theft of intellectual property, fraud and damage of corporate networks cost corporations over a $1 trillion globally in 2008, according to a recent report by the security firm McAfee and Purdue University.
Any employee who has been laid off or fears he might soon lose his job could potentially steal proprietary information and is a threat to the company. Experts said IT workers are particular dangerous subset because they best know a company's security weaknesses.
"A HR employee, an accountant, a secretary, even a member of the janitorial staff can be a threat, but IT professionals know which systems are well protected and which are not," said Jackie Rees, a professor at Purdue's Center for Education and Research in Information Assurance and Security and a co-author of the report "Unsecured Economies: Protecting Vital Information."
Forty-six percent of the American companies surveyed for the study said "laid-off employees are the biggest threat caused by the economic downturn," followed by hackers with no connection to the company.
The companies surveyed lost an average of $4.6 million worth of intellectual property through cybercrime in 2008, according to the report.
In recent months current or former employees at companies and government agencies have wreaked havoc and stolen millions. The problem will continue to get worse as the economy craters, said Rees.
"Anecdotally, I think we're looking at an increase in these sorts of crimes as a result of the recession," she said.
Cybercrimes by laid-off employees fall into two broad groups -- theft and sabotage.