In poor economy, more IT pros could turn to e-crime

Enterprises increasingly feel their employees will be more willing to steal data or sell insider knowledge due to the poor economy, according to an annual security survey conducted by KPMG.

Sixty-six percent of respondents felt that out-of-work IT workers would be tempted to join the criminal underground, driven in part by threats to bonuses, job losses, and worthless stock options.

[ Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]

The E-crime Survey 2009, presented at the E-Crime Congress in London on Tuesday, surveyed 307 private companies, government organizations, and law enforcement agencies.

In the survey, KPMG said that fraud committed by managers, employees and customers tripled compared to 2007, which indicates that the recession will likely only exacerbate those problems.

Employees often have "super access" to sensitive company systems and know those systems' weaknesses. It means that companies need to have strict procedures in place for locking those individuals out once they no longer work at an organization, the survey said.

The survey topped off a series of fairly gloomy presentations by security experts on the state of Internet security. Those experts are still seeing an exponential rise in the number of malicious software programs along with a diminished effectiveness of antivirus software.

Figures released by security vendor Symantec show that more than 2.4 million strains of malware exist, said Malcolm Marshall, a KPMG partner in IT governance.

The security community could soon "face a potential meltdown in the way we do e-business," Marshall said. That's due in part to IT professionals who aren't patching systems, cybercriminals refining their skills and a lack of security knowledge on the part of consumers, he said.

"We know that end users are broadly not sophisticated," Marshall said. "The reality is we are seeing more sophisticated attacks aimed at sophisticated people."

In other survey results, 45 percent of respondents who handle critical national infrastructure said they are seeing an increase in the number of attacks on their systems. Fifty-one percent of respondents from the same category said the technical sophistication of those attacks is getting better.

Sixty-eight percent said that of all kinds of malicious code they felt Trojan horse programs -- ones that are designed to look harmless but can steal data along with other functions -- had the most impact on their businesses. Rootkits are the next highest concern, followed by spyware, worms, viruses, mobile malicious code and, finally, adware.