SoftActivity
June 3rd, 2015

Stopping Insider Intellectual Property Theft

Intellectual property theft

The business world has never been more aware of the danger of insider intellectual property theft. Unfortunately, it has also never been more vulnerable. The vast majority of threats to IP come from the inside, thanks to employees who are either disgruntled or incompetent. We’ve known that for years – but the worst part is that plenty of enterprise-level companies aren’t even trying to stop it, as one CIO Insider report shows:

Sixty-one percent of respondents say they do not have the ability to deter an insider threat, 58 percent admit that they cannot detect an insider threat, and 75 percent say they cannot detail the human behavioral activities of such threats. Furthermore, six in 10 respondents say they are not adequately prepared to respond to insider threats.

The respondents? C-level executives. What that means is that a solid majority of big, supposedly reliable companies haven’t seriously thought about how to stop a threat that is far from a remote, unlikely hypothetical problem. That’s mind-blowing – particularly when computer monitoring software is such an effective, proven solution that’s been around for a long time.

Why Insider Security Threats Happen

“If you look at it from a classic espionage angle, you’ve got four basic reasons why insider threats occur from company computers,” says Rob Holmes, CEO of IPCybercrime.com, who investigates insider threats once there’s sign of foul play. “You’re looking at money, ideology, coercion or ego. The most common reason? Typically, it’s ego. They want revenge on their employer.”

A bit counter-intuitively, money is only rarely the primary motivation for these insider intellectual property thefts. “Even when the employee gets more money for their salary, they still may not feel appreciated.”

If it’s about ego, the primary motive can be a surprise to the victim. “In one case, from what we could figure out, it was because the employee believed her employer was a chauvinist. There was just years and years of resentment that had built up.”

Disgruntled employees will often use the theft to garner a job or opportunity from a competitor, using the stolen IP as collateral. Fortunately, “most companies know better than to accept the leaked information,” which is often how the investigation begins, with both companies’ security officers wanting to track down the offender. But not all firms are so scrupulous – which is why it’s important to nip that problem in the bud.

Every one of those companies cited above who admit their companies couldn’t stop an insider threat is essentially negligent. More and more, responsible companies are relying on computer monitoring to stop intellectual property theft.

Understanding the Value of Computer Monitoring and Incentivizing Security

Companies look at security as a cost center – and it is, in the same way that insurance premiums are a cost center. Protecting your intellectual property (and that of your customers) doesn’t generate revenue.

On the other hand, getting beat by a competitor who stole your prototype plans off a memory stick isn’t a big win, either. Having all your customer data painstakingly acquired over years exported into a file and sold off to the highest bidder doesn’t help you, either. If business managers are recognized for building up revenue, they ought to also be given kudos for preventing a security disaster.

Our computer monitoring software customers are more effective not just because they have implemented the solution, but because they’ve incentivized management to take security seriously. Here’s how they do it.

  1. Salary and Advancement Tied to Security. When managers take security training, they get their bonus. When they implement effective monitoring protocols, they get their bonus. When they don’t do these things – well, no bonus.
  2. Emphasize the Relationship Between Security and Productivity. Computer monitoring software does double-duty, preventing insider threats while also ensuring employees aren’t wasting time on Facebook, eBay or other sites when they’re supposed to be working. Reward higher productivity with bonuses and benefits and watch security improve as a side-benefit.
  3. Gamification of Security. Increasingly, companies award points, badges and other yardsticks of gaming culture to measure performance in the workplace. Making security ‘fun’ by rewarding those who demonstrate security awareness is one way to get results without necessarily paying out big economic incentives.

How are you preventing insider threats at your company?