Insider Threat: 30-Day WarningKnowing When Disgruntled Employees Will Steal Secrets
The research reveals that a significant class of insider crimes - theft of intellectual property - results in tangible losses in the form of stolen business plans, customer lists and other propriety information. Researchers from the institute's CERT Insider Threat Center reached that conclusion after analyzing more than 600 cases it has amassed over the past decade. One remarkable finding: much of the pilfering of secrets occurs within 30 days of the insider's last day on the job.
What does that mean for an enterprise? When executives decide to discharge employees - whether through layoffs or firings - they should notify IT or IT security ahead of time. Failing to do so could prove costly.
When executives decide to discharge employees, they should notify IT or IT security ahead of time. Failing to do so could prove costly.
"Everyone believes that detecting insiders and preventing insider attacks is IT's problem," says Dawn Cappelli, the center's technical manager. "IT can't really do it alone. There needs to be communication across the organization.
"If no one tells them that they're going to fire this disgruntled sysadmin, [IT staffers] don't know they should be watching what this person is doing. And, if no one tells them that they're going to be laying off a lot of people, they don't know they need to be watching for potential data exfiltration or sabotage. It's important that there's awareness across the organization."
Different employees present different insider threats. Disgruntled employees bent on IT sabotage likely are techies, network or database administrators or programmers. Typically, they'll set up an attack ahead of time, but wait until they're discharged before carrying out their wicked deeds.
Those stealing trade secrets are likely scientists, engineers, programmers or sales reps who have worked with those confidential materials, perhaps leaving their organizations to start their own businesses.
Is the insider threat growing? Cappelli doesn't have the data to answer that question. But with the growing number of mobile devices that can access enterprise networks, the perception exists that the insider threat is a growing menace What's clear, in her mind, is that this aspect of IT security is everyone's problem. "We need to reach the upper management of organizations so that they understand that they need to work with IT and information security to solve this problem," she says.