Did You Know That All Data Theft Is An Insider Job?
Sep 29, 2019
They say that “Data never leaves the organisation by itself”.
What if one of your salespeople or business people took your strategic plans with them to start with a competitor? Or what about the new employee who started with your business and brought a whole heap of customer relationship material from their previous employer?
By and large, we define the theft of corporate data as cases in which current or former employees, contractors, or business partners steal confidential or proprietary information from the organisation and use it to get another job, help a new employer, or promote their own side business.
Here are a few examples:
- Sage – An employee of the UK-based accounting company used unauthorised access to steal private customer information of 280 of its business customers;
- KB Kookmin Bank, Lotte Card and Nonghyup Bank – A worker, who had access to various databases at the firm, secretly copied personal data of 20 million South Koreans onto an external drive over the course of a year and a half;
- Boeing – An employee managed to steal hundreds of boxes worth of documents pertaining to military and spacecraft from 1979 to 2006;
- NSA – A former NSA contractor stole troves of classified information over the course of two decades;
- Tesla – A former employee copied more than 300,000 files related to Autopilot source code as he prepared to join China’s Xiaopeng Motors Technology Company.
Here is the revelation. Data theft is always an Insider Job. How can that be, I hear you ask? Here are the ways data can leave the organisation.
- The Compromised Insiders are those that you are most familiar with. These insiders have had their computers infected with malware. These employees are typically infected via phishing scams or by clicking on links that cause surreptitious malware downloads. Computers of compromised insiders can then be used to exfiltrate data;
- The Dissatisfied Insiders are those employees who are disgruntled and aggrieved by their organisation denying them a request, whether this is a wage raise, more responsibility or a new position within the firm. In turn, this decreases the insider's desire to contribute to the organisation, and their sense of loyalty diminishes. Dissatisfaction often spurs the person to look for other jobs. Once the insider receives a job offer from a competing firm, the insider's desire to steal the information is amplified by their dissatisfaction with the current employer;
- The Entitled Insiders are those who believe that they are entitled to information and therefore think they have the right to take the information with them. This sense of entitlement can be particularly strong if the insider perceives their role in the development of products as especially important. Secondly, the longer they work, the stronger their sense of entitlement grows;
- The Ambitious Insiders are those employees who recruit other insiders to steal information, essentially an “insider ring”. Not content with stealing information, they want the entire program or product line, and need a more complex scheme to get it;
- The Coerced/Colluding Insiders are those employees who are either coerced by or collude with an external party. Outsiders recruit insiders to commit the theft of information;
- The Careless Insiders are those employees who do not follow proper IT procedures. These insiders accidentally release corporate information to the public (such as posting sensitive data online with no security credentials; sending out emails with sensitive data to the wrong recipient; leaving their USB or other portable devices in public areas);
- The Newly Arriving or Departing Employees are those who either bring information with them from the previous employer or take information to their new job;
- The Trusted Business Entities are those organisations such as partners, vendors and contractors that have access to the organisation's critical assets. The same patterns described above apply to trusted business entities. They too can be compromised or coerced, act carelessly, or feel that they are entitled to take information with them outside the organisation.
Here is the challenge
You cannot detect the theft of data until it is in the act of being stolen – as it is being copied to removable media or emailed to another network. In other words, your window of opportunity is quite small and therefore, you will need to pay close attention when you see indicators of heightened risks of insider theft.
What Can You Do?
Here are some recommended steps to minimise the potential for data loss, whether it be unintentional or theft.
- Identify all critical assets that your organisation has;
- Develop trusted access to your critical assets. Continuously review and adjust access controls for those that need it;
- Pay careful attention to your employees' behavioural precursors;
- Develop an IP agreement with all employees and trusted business partners that ensures that they understand ownership of the asset;
- Ensure employees and trusted business partners follow corporate policies and procedures;
- Consider who within your organisation needs to use removable media;
- Pay close attention to resignations (30 days before and 30 days after);
- Monitor user activity and monitor for system and data anomalies.
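One way to combine the last two steps with the exit paths named earlier (copying to removable media, emailing another network) is sketched below. This is an added example, not code from the article or from any product: the event fields, user names, `example.org` domain and sample log are all constructed, and the domain check assumes internal mail uses exactly that one domain.

```python
from datetime import date, timedelta

# Constructed sample data: hypothetical users, domain and event fields.
ORG_DOMAIN = "example.org"
RESIGNATIONS = {"alice": date(2019, 9, 1)}  # user -> resignation date (from HR)
EVENTS = [
    # (day, user, action, detail)
    (date(2019, 7, 15), "alice", "usb_copy", "pricing.xlsx"),
    (date(2019, 8, 20), "alice", "usb_copy", "strategic_plan.docx"),
    (date(2019, 8, 25), "alice", "email_sent", "bob@example.org"),
    (date(2019, 9, 10), "alice", "email_sent", "alice@mail.example.net"),
    (date(2019, 8, 22), "carol", "usb_copy", "customers.csv"),
    (date(2019, 10, 5), "alice", "usb_copy", "roadmap.pptx"),
]
WINDOW = timedelta(days=30)  # 30 days before and 30 days after resignation


def leaves_organisation(action, detail):
    """True for the two exit paths named above: removable media or external email."""
    if action == "usb_copy":
        return True
    if action == "email_sent":
        # Assumption: anything not addressed to ORG_DOMAIN is another network.
        return detail.rsplit("@", 1)[-1].lower() != ORG_DOMAIN
    return False


def in_resignation_window(user, day, resignations=RESIGNATIONS):
    """True if the user has a resignation on file within WINDOW of this day."""
    resigned = resignations.get(user)
    return resigned is not None and abs(day - resigned) <= WINDOW


def flag_events(events, resignations=RESIGNATIONS):
    """Return events where data left the organisation inside the resignation window."""
    flagged = []
    for day, user, action, detail in events:
        if leaves_organisation(action, detail) and in_resignation_window(user, day, resignations):
            flagged.append((day.isoformat(), user, action, detail))
    return flagged


if __name__ == "__main__":
    for row in flag_events(EVENTS):
        print(*row)
```

Events outside the window, or from users with no resignation on file, are not flagged here; they still belong in the general anomaly monitoring of the final step.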
How Can We Help You?
On a scale from 1 to 10, are you aware of all your critical assets within your organisation and who has access to them? Are you concerned that someone is exfiltrating your critical information? Are you interested in identifying vulnerabilities that put your information assets and business continuity at risk? If so, register your details here and someone from the Naked Insider Group will contact you.
For more information, you can reach us at the following: [email protected] OR give us a call at: +61 2 6282 5554.