IP Theft and the Insider Threat

January 27, 2017

PrecisionDiscovery_remarketingad_250x250_0831Your company has undoubtedly invested significant time, energy and money to develop intellectual property (IP) – unique ideas, methodologies and trade secrets – as well as other intangible assets – customer lists, plans for future products, non-public financial information, contracts with suppliers, software source code, and so on.

These information assets are extremely valuable, and often what differentiate you from the competition. In the wrong hands – the hands of a competitor, for example – the damage could be catastrophic.

IT professionals lie awake at night making sure their networks are protected from outside threats. And yet you don’t have to look too far to find high-profile examples of security breaches. The 2014 hacking of Sony Pictures and the release of thousands of private emails and documents was both costly and embarrassing for the company.

Perhaps, it’s another headline-grabbing event that offers an indication of what may be a more common and pervasive threat to your information assets: the release of classified National Security Agency (NSA) documents by Edward Snowden. Snowden, you may recall, was a contractor working for the NSA when he copied and released classified information without authorization. This wasn’t a hack from the outside; it was the job of an “insider.”

In today’s world, we routinely send documents that are stored in our cloud account using our cell phone to anyone in the world in a matter of seconds. These conveniences have become the norm and are expected by those working in the business world.

Therein lies the problem. In the competitive and fast-paced world of business today, it is all too easy to focus on convenience at the expense of information security. A 2009 study by the Ponemon Institute found that 60% of employees who quit or are asked to leave will most often take confidential or sensitive business information upon their departure. These employees will typically copy data in the 30 to 60 days prior to their departure. USB thumb drives, cloud storage, email and portable hard drives are all popular methods of transporting files. These devices today all have the ability to store huge volumes of data while being easily concealable.

The “insider threat” to your information assets is more common – and potentially more damaging – than many believe. Consider these statistics:

  • 60% of departing employees admit to taking company data
  • 66% of those employees say they did it to help them get a new job – meaning it likely is being handed to a competitor
  • In 70% of IP theft cases, the damage is more than $100,000
  • In 50% of cases, the damage is over $1 million

Of course, IT professionals are alert to the threat from insiders, and the Identity and Access Management (IAM) industry offers a range of technologies and services designed to help prevent this kind of theft by carefully controlling who has access to what information. But when an employee who has legitimate access to sensitive data decides to steal that data, even the best IAM systems or services aren’t likely to detect or prevent it.

Corporate policies covering the access and dissemination of company data are primarily useless if no one is checking to see they are being adhered to. While large corporations have, for years, utilized a need-to-know approach to the access of their computer systems, many small to medium-sized companies with limited IT budgets fail to put in place many of the necessary safeguards. It is not uncommon to find a company whose computer network allows equal access to all employees regardless of need or position in the company. If the employee is in the IT department – a so-called “privileged” user – the risk can be compounded.

This is where e-discovery firms come in. Generally, e-discovery firms are engaged to help identify and collect evidence or information related to a legal matter or investigation. Often, forensic examiners can recover evidence or information even when someone tries to erase or destroy it. But the same forensic and technical skills used for this purpose can be used proactively not only to detect when an insider steals your valuable and sensitive information, but also to help prevent it, too.

Businesses in the current digital age need to have procedures in place that deal with the access to corporate networks covering two areas: preemptive and reactionary. Preemptive policies and procedures would govern the necessary access level to data retained by the company. All employees should be given the access necessary to perform their business function. Even the IT department should be segmented with no one employee holding the “Keys to the Kingdom.” Have the IT department implement tracking on the networks to identify anomalous activity as it occurs as first level of verification.

Reactive procedures would encompass employee separation situations wherein the separation must be categorized as either voluntary or involuntary. Even voluntary separations should be addressed in a policy.

At Precision Discovery, our forensic examiners are often called in by a company before an employee who has given notice actually leaves the company. By performing a forensic examination of the departing employee’s computer or mobile devices – what Precision calls an “Employee Risk Assessment (ERA)” – they can often detect when these employees have accessed information inappropriately or when sensitive information was copied to external devices or sent outside the company via email or cloud-based services.

Visit our site to learn more about Precision ERA.

If you’d like to learn more about the dangers of IP theft and how to help prevent it, check out our e-book Uncovering Intellectual Property Theft: Following the trail of a data thief.

Pete James
Managing Director, Computer Forensics, Precision Discovery

Pete James is the Managing Director of Computer Forensics for Precision Discovery. A Navy veteran, retired sheriff’s lieutenant and certified forensics examiner, Pete provides unique investigative skills and perspective to Precision Discovery clients. He’s passionate about how computer forensics can tell a story – often stories that weren’t meant to be told!