New Research Validates Seriousness of Insider Threats

Venafi, an enterprise key and certificate management solutions provider, released more results from its InfoSecurity 2011 survey recently. The study found that more than 500 IT professionals reported that CEOs “often lack access to their own sensitive data.”

Who has the easiest access? According to 65 percent of respondents, it’s the IT department. The figure was just 30 percent for CEOs and 8 percent for manager. (HR came in third at 7 percent; employees in the legal department garnered 5 percent of the vote.)

Unfortunately, other findings are troubling. The survey found that if the employee who manages their organization’s encryption keys were to leave, 23 percent of respondents expect that they’d lose access to their valuable, encrypted data. (The result is in line with the company’s previous survey, which revealed that 40 percent of IT staff “admitted that they could hold their employers hostage 00 even after leaving for other employment -- by withholding or hiding encryption keys, making it difficult or impossible for management to access vital data.”)

Security professionals have repeatedly warned organizations that although an enterprise may be protected from outside threats, there’s even more danger from inside the enterprise. Case in point: “A third of survey respondents said that their knowledge of and access to encryption keys, coupled with their organizations’ lack of oversight and poor key and certificate management controls, meant they could bring the company to a grinding halt with minimal effort and little to stop them.”

Nearly one-quarter (24 percent) of enterprises said that their fear of losing encryption keys “was deterring them from investing in encryption technologies. This shows that recent major data breaches have almost paralyzed some organizations, which are afraid to improve their IT security for fear of making things worse -- or just do not trust their IT departments to handle encryption technology effectively.”

Warning Signs

Need more proof? A new report, Behavioral Risk Indicators of Malicious Insider Theft of Intellectual Property: Misreading the Writing on the Wall investigated “the high level of organizational anxiety surrounding potential theft of sensitive, proprietary, intellectual property or similar critical data by employees.”

Symantec says intellectual property (IP) thefts cost businesses in the United States over $250 billion yearly. “FBI reports confirm that insiders are a major target of opponent efforts to steal proprietary data and the leading source of these leaks,” the company said.

The Symantec report, written Dr. Eric Shaw and Dr. Harley Stock, was based on a review of empirical research and identifies several “key behaviors and indicators that contribute to intellectual property theft by malicious insiders.” Stock and Shaw are experts in psychological profiling as well as employee risk management

Among the patterns the authors identified:

• Thieves are often in technical positions. “The majority of IP theft is committed by current male employees averaging about 37 years of age who serve in positions including engineers or scientists, managers, and programmers. A large percentage of these thieves had signed IP agreements. This indicates that policy alone -- without employee comprehension and effective enforcement -- is ineffective.”

• Thieves have secured new jobs when they commit the crime. “About 65 percent of employees who commit insider IP theft had already accepted positions with a competing company or started their own company at the time of the theft. About 20 percent were recruited by an outsider who targeted the data and 25 percent gave the stolen IP to a foreign company or country. In addition, more than half steal data within a month of leaving.”

• Thieves steal what they can access. The authors say three-quarters of insiders stole material for were authorized to access.
• Trade secrets are the most-purloined items. Trade secrets were stolen in over half (52 percent) of incidents. Business information (for example, billing information and price lists) was stolen in nearly a third (30 percent) of incidents, followed by source code (20 percent), proprietary software (14 percent), customer information (12 percent), and business plans (6 percent).

• Thieves use standard data transfer media. Most subjects (54 percent) used a network to commit the theft; they use e-mail, remote network access, or network file transfers to move their stolen data.

• IP theft was discovered by non-technical staff members.

There are some key patterns of behavior that can help you spot (and prevent) insider theft. “Common problems occur before insider thefts and probably contribute to insider’s motivation. These precipitants of IP theft support the role of personal psychological predispositions, stressful events, and concerning behaviors as indicators of insider risk.” Among the triggers: employees getting tired of “thinking about it” and deciding to act, or solitication by others. “This move often occurs on the heels of a perceived professional set-back or unmet expectations,” according to the report.

-- James E. Powell
Editorial Director, ESJ

Posted by Jim Powell on 12/16/2011