IP Theft – Understanding The Insider Threat To Information Security


Part 1: How an e-discovery firm can help prevent the theft of your most valuable information assets

In this, the first of a two-part series, we’ll discuss the threat that malicious insiders – often employees who are tendering their resignations – pose to your most valuable information assets.

Your company has undoubtedly invested significant time, energy and money to develop Intellectual Property (IP) such as unique ideas, methodologies and trade secrets, as well as other intangible assets such as customer lists, plans for future products, non-public financial information, contracts with suppliers, software source code, and so on.

These information assets are extremely valuable. They are often what differentiate you from the competition. And in the wrong hands – the hands of a competitor, for example – the damage could be catastrophic.

IT professionals lie awake at night making sure their networks are protected from outside threats. And yet you don’t have to look too far to find high-profile examples of security breaches. The hacking of Sony Pictures and the release of thousands of private emails and documents, for example, was both costly and embarrassing for the company. It’s widely believed that this security breach was the work of North Korean hackers.

But it’s another headline-grabbing event that offers an indication of what may be a more common and pervasive threat to your information assets: the release of classified National Security Agency (NSA) documents by Edward Snowden. Snowden, you may recall, was a contractor working for the NSA when he copied and released classified information without authorization. This wasn’t a hack from the outside; it was the job of an “insider.”

The “insider threat” to your information assets is more common – and potentially more damaging – than many believe. Consider these statistics:

  • 60% of departing employees admit to taking company datai
  • 66% of those employees say they did it to help them get a new job – meaning it likely is being handed to a competitorii
  • In 70% of IP theft cases, the damage is more than $100,000iii
  • In 50% of cases, the damage is over $1 millionsiv

Of course, IT professionals are alert to the threat from insiders, and the Identity and Access Management (IAM) industry offers a range of technologies and services designed to help prevent this kind of theft by carefully controlling who has access to what information. But when an employee who has legitimate access to sensitive data decides to steal that data, even the best IAM systems or services aren’t likely to detect or prevent it.

This is where e-discovery firms come in. Generally, e-discovery firms are engaged to help identify and collect evidence or information related to a legal matter or investigation. Often, forensic examiners can recover evidence or information even when someone tries to erase or destroy it. But the same forensic and technical skills used for this purpose can be used proactively not only to detect when an insider steals your valuable and sensitive information, but also to help prevent it, too.

At Precision Discovery, our forensic examiners are often called in by a company before an employee who has given notice actually leaves the company. By performing a forensic examination of the departing employee’s computer or mobile devices – what Precision calls an “Employee Risk Assessment (ERA)” – they can often detect when these employees have accessed information inappropriately or when sensitive information was copied to external devices or sent outside the company via email or cloud-based services.

The majority (70%) of IP theft happens in the 30 days prior to the employee announcing their resignation v. So by performing a forensic examination of the employee’s devices before they actually leave, the company can often detect this kind of theft. And if employees know such examinations are routine, they are less likely to engage in the behavior knowing that they may be discovered.

In the second of this two-part series, we’ll share the perspectives of an expert whose job it is to help identify when this type of theft has occurred.

Visit our site to learn more about Precision ERA.

If you’d like to learn more about the dangers of IP theft and how to help prevent it, check out our e-book Uncovering Intellectual Property Theft: Following the trail of a data thief.

vPark, Linda “Data Breach Trends” Symantec, 31 Dec, 2013, http://www.symantec.com/connect/blogs/data-breach-trends



Richard Corvinus, Digital Forensic Examiner

Rich is a highly skill digital forensic examiner who honed his skills through numerous criminal prosecutions while in Law Enforcement. Rich has attained numerous certifications in the field and gives back to one of the organizations from which he received training and certification by volunteering his time to assist others working through the certification process. He loves to use both conventional and non-conventional forensic tools to uncover the facts of the matter being investigated.

Rich Corvinus