Insider threats have a certain lurid aura about them that make them both terrifying and darkly fascinating. We all have an image of the disgruntled employee turning on their former employer for slights real and perceived, destroying the network and deleting important files before skipping away as the chaos unfolds behind them. What’s more horrifying is that these insider threats do happen:the case of Christopher Victor Grupe, formerly of Canadian Pacific Railway, proves that an enterprise’s entire networks can be shut down by one recently terminated employee.
Unlike many parts of cybersecurity, enterprises are more aware of the dangers of insider threats. 74% of them, according to the 2017 Insider Threat Report, are worried about and feel vulnerable to insider threats. It’s easy to see why: insider threats can be hard to distinguish from regular day-to-day work and equally easy to conceal, so much so that it can go on for years before the crime is even detected. According to the SANS Institute, nearly a third of enterprises lack the capability to detect internal attacks.
But Grupe’s anger-inspired tirade is far from the only type of insider threat. We previously interviewed Kurt Long about the dangers of third-party contractors and how they can be used as an insider attack vector. The most threatening kind of insider threat, however? The ones that target your enterprise’s intellectual property.
Insider Threats and Intellectual Property Theft
62% of users say they can access enterprise data they shouldn’t. That should be a wake-up call to any enterprise.
Intellectual property (IP) and proprietary data forms a vital core to any enterprise’s profit. They serve as the foundation for future innovations, projects, and plans. Your employees can be a boon to your IP…or thieves looking to maliciously cash out on your enterprise’s hard work. Employees that work with IP know exactly how it is stored, and can often find a way to smuggle it out of your enterprise.
Look no further than Anthony Levandowski, who allegedly stolen Google’s self-driving car research to sell to Uber so he could fund his own start-up. Or take Jason Needham, who used his covert access to former employers to pitch their ideas as his own.
The effects of intellectual property loss from insider threats can be devastating. When one of AMSC’s head engineers stole their proprietary designs when he switched companies, it cost them over a billion dollars in shareholder equity and hundreds of jobs.
The good news is that most of the most high profile insider threat actors are caught and receive prison time. The bad news is that the damage is often already done by that time, and the monetary and IP damage is not always easily healed.
What Can Your Enterprise Do?
There are some common protections your enterprise can take against insider threats. Improving your access controls, implementing a zero-trust permissions system, and carefully monitoring employee behaviors are all important steps to reducing the likelihood and severity of internal attacks.
Additionally, remember that your privileged employees may be your most dangerous attack vector. Even if they aren’t acting maliciously, a credential slip-up from them could place all of your intellectual property in extreme danger. It is strongly recommended you enact strong Privileged Access Management controls to keep their credentials safe.
Latest posts by Ben Canner (see all)
- 2020 Vendors to Know: Identity Governance - July 9, 2020
- 2020 Vendors to Know: Privileged Access Management - July 7, 2020
- 3 Authentication Myths to Avoid In Your Identity Management - July 1, 2020