One in Eight UK Employees Justify Selling Corporate Login Credentials

Severity: Medium (Score: 51.9)

Sources: Theregister, Infosecurity-Magazine

Summary

A recent report by Cifas revealed that 13% of UK employees admitted to selling their corporate login credentials or knowing someone who has done so in the past year. The report indicated that this behavior is perceived as justifiable by 13% of respondents overall, with higher percentages among senior management: 32% of managers, 36% of directors, and 43% of C-suite executives. Alarmingly, 81% of business owners also found it acceptable. The findings suggest a troubling shift in attitudes towards insider fraud, particularly among IT and telecom professionals, who exhibited the highest tolerance for such actions. The report highlights the potential for significant cyber and financial risks to organizations, as insider threats accounted for a substantial portion of losses due to fraud. Cifas emphasized the need for organizations to foster a fraud-aware culture to mitigate these risks. Key Points: • 13% of UK employees have sold or know someone who sold corporate logins in the past year. • Higher justification rates for selling credentials were found among senior management and business owners. • Insider threats pose significant risks, with malicious incidents accounting for 27% of insider-related losses.

Key Entities

• Data Breach (attack_type)
• CWE-200 - Exposure of Sensitive Information (cwe)
• T1078 - Valid Accounts (mitre_attack)