The security vendor’s new report offers interesting insights into who in an organization is most likely to become a data thief and why. According to Symantec, theft of intellectual property costs U.S. businesses more than $250 billion per year, and FBI reports confirm that insiders are a major target of opponents’ efforts to steal proprietary data and the leading source of these leaks.
Based on a review of empirical research, Symantec has identified key behaviors and indicators that contribute to intellectual property (IP) theft by malicious insiders. Take note:
- Insider IP thieves are often in technical positions. The majority of IP theft is committed by current male employees averaging about 37 years of age who serve in positions including engineers or scientists, managers, and programmers.
- Typically, insider IP thieves already have a new job. About 65 percent of employees who commit insider IP theft had already accepted positions with a competing company or started their own company at the time of the theft.
- Malicious insiders generally steal information they are authorized to access. Subjects take the data they know, work with, and often feel entitled to in some way.
- Trade secrets were stolen in 52 percent of cases. Business information such as billing information, price lists, and other administrative data was stolen in 30 percent; source code (20 percent); proprietary software (14 percent); customer information (12 percent); and business plans (6 percent).
- The majority of subjects (54 percent) used a network—email, a remote network access channel, or network file transfer to remove their stolen data, but most insider IP theft was discovered by non-technical staff members.
- Common problems occur before insider thefts and probably contribute to insider’s motivation. These precipitants of IP theft support the role of personal psychological predispositions, stressful events, and concerning behaviors as indicators of insider risk.
- Professional setbacks can fast-track insiders considering stealing intellectual property.
As Information Week notes, theft is often encouraged by outsiders who want the data. In 25 percent of cases, data ends up with a foreign company or national entity.
Try not to cast suspicious glances as you wander the halls today.
The entire Symantec report is available here. (Registration is required.)