According to information security consulting firm RavenEye, as many as eighty percent of corporate employees will disclose sensitive company or customer information to people they do not know over the telephone and up to thirty percent will do sthe same via email. “Business leaders are largely ignoring this catalyst for information leaks in their companies,” according to Joseph Kirkpatrick, RavenEye’s president. “Human error is the common element in the information theft stories which have been a fixture in the 2005 headlines. Staff awareness and training for this threat lags behind the growing rate of phishing emails, pretext calls and on-site impersonations, which utilize many social engineering elements.”
Businesses will spend $45 billion worldwide on security technologies in 2006, according to a recent study by market researchers at IDC, a global provider of market intelligence, advisory services, and events for the information technology and telecommunications industries. But Kirkpatrick said technology alone will not address the risks that face corporate employees who, maliciously or unknowingly, provide access to an outsider seeking to circumvent the complicated security technologies protecting valuable information.