MOUNTAIN VIEW, Calif. – Dec. 7, 2011 – Symantec Corp. (Nasdaq: SYMC) today released the findings of a new report “Behavioral Risk Indicators of Malicious Insider Theft of Intellectual Property: Misreading the Writing on the Wall”. The report addresses the high level of organizational anxiety surrounding potential theft of sensitive, proprietary, intellectual property or similar critical data by employees. It describes what is known about the people and organizational conditions which contribute to this risk. The research paper was authored by Dr. Eric Shaw and Dr. Harley Stock, experts in the fields of psychological profiling and employee risk management.
“Most organizations are aware of the security threats posed by outsiders, but the malicious insider within their own ranks may pose an even greater risk,” said Francis deSouza, group president, Enterprise Products and Services, Symantec Corp. “In this era of global markets, companies and government entities of all sizes are recognizing the ever-expanding challenges of protecting their most valuable asset—their intellectual property—from rivals.”
Theft of intellectual property costs U.S. businesses more than $250 billion per year and FBI reports confirm that insiders are a major target of opponent efforts to steal proprietary data and the leading source of these leaks. Based on a review of empirical research, Dr. Stock and Dr. Shaw have identified the key behaviors and indicators that contribute to intellectual property (IP) theft by malicious insiders. The most compelling patterns observed include:
- Insider IP thieves are often in technical positions - The majority of IP theft is committed by current male employees averaging about 37 years of age who serve in positions including engineers or scientists, managers, and programmers. A large percentage of these thieves had signed IP agreements. This indicates that policy alone—without employee comprehension and effective enforcement—is ineffective.
- Typically insider IP thieves already have a new job - About 65% of employees who commit insider IP theft had already accepted positions with a competing company or started their own company at the time of the theft. About 20% were recruited by an outsider who targeted the data and 25% gave the stolen IP to a foreign company or country. In addition, more than half steal data within a month of leaving.
- Malicious insiders generally steal information they are authorized to access - Subjects take the data they know, work with and often feel entitled to in some way. In fact, 75% of insiders stole material they were authorized to access.
- Trade secrets are most common IP type stolen by insiders - Trade secrets were stolen in 52% of cases. Business information such as billing information, price lists and other administrative data was stolen in 30%, source code (20%), proprietary software (14%), customer information (12%), and business plans (6%).
- Insiders use technical means to steal IP, but most theft is discovered by non-technical employees - The majority of subjects (54%) used a network--email, a remote network access channel or network file transfer to remove their stolen data. However, most insider IP theft was discovered by non-technical staff members.
- Key insider patterns precede departure and theft – Common problems occur before insider thefts and probably contribute to insider’s motivation. These precipitants of IP theft support the role of personal psychological predispositions, stressful events and concerning behaviors as indicators of insider risk.
- Professional setbacks can fast-track insiders considering stealing IP - Acceleration on the pathway to insider theft occurs when the employee gets tired of “thinking about it” and decides to take action or is solicited by others to do so. This move often occurs on the heels of a perceived professional set-back or unmet expectations.
The report features pragmatic recommendations for managers and security personnel concerned with intellectual theft risk, including:
- Build a Team: To fully address insider theft, organizations need to have a dedicated team made up of HR, security, and legal professionals that create policies, drive training, and monitor problem employees.
- Organizational Issues: Organizations need to evaluate whether they are at greater risk due to inherent factors—employee morale, competitive risk, adversary operations, local overseas, use of local contractors, etc.
- Pre-Employment Screening: The information collected during this process will help hiring managers make informed decisions and mitigate the risk of hiring a “problem” employee.
- Policies and Practices: This is a checklist of specific policy and practice areas that should be covered within an organization’s basic governance structures.
- Training and Education: These are essential to policy effectiveness since policies and practices that are not recognized, understood and adhered to may be of limited effectiveness. For instance, most IP thieves have signed IP agreements. Organizations should have more direct discussions with employees about what data is and is not transferrable upon their departure and the consequences for violating these contracts.
- Continuing Evaluation: Without effective monitoring and enforcement, compliance will lapse and insider risk will escalate.
In addition, Symantec recommends:
- Preempt IP theft by flagging high-risk insider behavior with a security technology like Data Loss Prevention (DLP).
- Implement a data protection policy that monitors inappropriate use of IP and notifies employees of violations, which increases security awareness and deters insider theft.
- Alert managers, HR, and security staff when exiting or terminated employees access and download IP in unusual patterns with a file monitoring technology like Data Insight.