Insider Data Theft: When Good Employees Go Bad
In today’s business world, information is as valuable as cash. In fact, industrial espionage costs U.S. businesses more than $250 billion each year. This has organizations scrambling to shore up their defenses against all manner of outside attacks. At the same time, companies of all sizes may be neglecting one of the most important perpetrators of intellectual property (IP) theft: their employees.
In order to assess this often underrated threat, Symantec asked forensic psychologists Eric D. Shaw and Harley V. Stock to examine various factors leading to insider IP theft. While most research is put into the development of technology-based security measures, their white paper focuses on the behavioral and environmental issues that can lead to theft of corporate data.
Who Is the Typical IP Thief, and What Are They Stealing?
The typical data thief is a current employee, male, and 37 years old on average. They serve mainly in technical positions such as programmer, engineer or scientist.
In about half the cases the employee stole trade secrets; the next most common target was business information such as billing information or price lists. In other cases source code or proprietary software was taken, as well as customer information or business plans. Of particular note is the fact that in 75 percent of cases the thief had authorized access to the data they stole, making it more difficult to solve the problem simply by strengthening security measures.
The thefts typically occur during working hours at the work site. About two-thirds of the time, the IP thief has already secured other employment, and in some cases has already given notice to the employer.
The $250 Billion Question: Why?
What CISOs want to know is, why are they stealing IP to begin with? Research shows that there is no simple answer. Part of it seems to stem from personality traits that may predispose certain people to theft. When combined with the proper motive and opportunity, this potential transitions into action. Outside stresses such as family or financial troubles also appear to contribute to thefts.
The research identifies two archetypical IP thieves with differing motivations and attitudes:
- The entitled, disgruntled thief: This employee was at least partially involved in developing the information he stole, and has become dissatisfied with his position or the company. In some cases this led him to feel he was entitled to take the information with him as he left the job. In other cases, he may have intended to use the information to further his career. About a month before leaving, he would copy the information using his authorized access, then use it either to get his new job or to perform in it. He rationalized his actions by convincing himself that other employees were doing the same, or that the company would be unable to trace the theft back to him.
- The Machiavellian leader: The primary motivation of this thief is ambition. He has specific plans to use the information, either selling it to another organization or using it to develop a new, competing product. Unlike the disgruntled employee, he plans the theft carefully, perhaps even creating a new business and recruiting fellow employees to assist in the theft. He may have begun to steal the information more than a month before leaving the company and is less likely to show outward signs of dissatisfaction or impulsive behavior.
In the full report, Drs. Shaw and Stock delve deeply into the psychology of these individuals and what leads them to commit these thefts. The report discusses how the thefts were detected, what might indicate risk of this behavior in an employee, and how the potential becomes intent. This paper is essential reading for executives looking to keep their intellectual property safe.
The full report can be downloaded here: http://bit.ly/tw7s1n