The insider threat is real. Here’s a true story.
You hire a new employee. Let’s say he’s a Senior Project Manager. And you put him to work on your newest project. It’s a great idea that’s going to blow away the competition. And it’s a big secret: the project plan, the prototypes, the research — all of it is confidential.
One week before your product is scheduled to begin production, you’re on your way out of Shanghai, where you just finished your final inspection of the factory. With a few hours to kill before your flight home, you’re walking through the airport when something catches your eye in one of the shops.
It’s your product.
With someone else’s logo on it.
Your IP has been stolen! Someone in your company leaked confidential data to your competitors! You’ve lost millions.
That story is not made up.
It’s just one of several recent cases of corporate theft and espionage reported in the FBI’s recent counterintelligence report, “The Insider Threat: An introduction to detecting and deterring an insider spy.”
“Kexue Huang was employed by two different US companies. He admitted that from 2007 to 2010 he delivered stolen trade secrets from both companies to individuals in Germany and China. The stolen materials were used to conduct unauthorized research to benefit Chinese universities. Huang also pursued steps to develop and produce the trade secrets in China. The aggregated loss from both companies was between $7 and $20 million. Huang pleaded guilty to charges of economic espionage and theft of trade secrets, and was sentenced in December 2011 to 87 months in prison and three years supervised release.”
Everyone wants to trust their employees. I get it. Nobody wants to go through life seeing potential thieves every time they look at a co-worker. But the truth is, your employees could be your biggest security threat.
Even if they’re not malicious. Because you also have to worry about the employee who accidentally emails confidential information to someone outside the company. And the IT admin who reuses passwords and leaves your system open to hacking. And the sales guy who saves company files to his personal Dropbox because he thinks that will make him more efficient when he’s working from the road.
Any of these actions opens your business up to hackers, information leaks, loss of revenue, fines and litigation…the list goes on.
Read more in our Insider Risk Report
We just published the 2015 Intermedia Insider Risk Report. We surveyed 2,000+ office workers about their data security habits. The results… well, they’re enough to make you paranoid.
Fortunately, we also provide some insights and recommendations to combat the problem. If you’re worried about employee behaviors exposing your company, read the report.