The Public Eye with Eric Chabrow

Insider Threat: 30-Day Warning

Knowing When Disgruntled Employees Will Steal Secrets

New research from Carnegie Mellon University's Software Engineering Institute provides further evidence that information security isn't just the problem of an enterprise's IT and IT security organization but of its top non-IT leadership as well.

The research reveals that a significant class of insider crimes - theft of intellectual property - results in tangible losses in the form of stolen business plans, customer lists and other proprietary information. Researchers from the institute's CERT Insider Threat Center reached that conclusion after analyzing more than 600 cases the center has amassed over the past decade. One remarkable finding: much of the pilfering of secrets occurs within 30 days of the insider's last day on the job.

What does that mean for an enterprise? When executives decide to discharge employees - whether through layoffs or firings - they should notify IT or IT security ahead of time. Failing to do so could prove costly.

"Everyone believes that detecting insiders and preventing insider attacks is IT's problem," says Dawn Cappelli, the center's technical manager. "IT can't really do it alone. There needs to be communication across the organization.

"If no one tells them that they're going to fire this disgruntled sysadmin, [IT staffers] don't know they should be watching what this person is doing. And, if no one tells them that they're going to be laying off a lot of people, they don't know they need to be watching for potential data exfiltration or sabotage. It's important that there's awareness across the organization."

Different employees present different insider threats. Disgruntled employees bent on IT sabotage likely are techies, network or database administrators or programmers. Typically, they'll set up an attack ahead of time, but wait until they're discharged before carrying out their wicked deeds.

Those stealing trade secrets are likely scientists, engineers, programmers or sales reps who have worked with those confidential materials, perhaps leaving their organizations to start their own businesses.

Is the insider threat growing? Cappelli doesn't have the data to answer that question. But with the growing number of mobile devices that can access enterprise networks, the perception exists that the insider threat is a growing menace. What's clear, in her mind, is that this aspect of IT security is everyone's problem. "We need to reach the upper management of organizations so that they understand that they need to work with IT and information security to solve this problem," she says.

About the Author

Eric Chabrow


Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.
