Protecting your business from insider threats in seven effective steps Why your organisation is currently defenceless

Blog post

By Boaz Fischer on Mar, 1 2017

Greater Chance Of Insider Threat Theft - If Only A Few Players Exists In The Market

“Maybe money can’t buy happiness, but it can buy you an advantage”

Truly, an organisation with good security practices has a good chance of detecting or controlling when an outsider (non-employee) tries to access company data electronically, and can mitigate the threat of an outsider stealing company property.

However, the thief who is harder to detect and who could cause the most damage is the insider, the employee with legitimate access, the trusted user. That insider may steal solely for personal gain, someone who is stealing company information or products in order to benefit themselves, another organisation or country.

The insider threat problem has been gathering more interest in enterprises and government. Organisation realise that their “insiders” can threaten the livelihood of their organisations.

In a study conducted by CERT Insider Threat Lab to better understand the threat of maliciousa insiders, the following are soem key observations when it comes to "theft"

Observation 1: Methods used by malicious insiders to steal sensitive corporate information ranged widely. In the 50 cases studied, the top three methods that insiders used to steal sensitive data were

  1. Email from work: 30%
  2. Removable media: 30%
  3. Remote network access: 28%

Observation 2: Insider use of both personal and work email remains a primary method for using networked resources to quickly ex-filtrate information from an organisation.

Observation 3: Of all the cases of theft of IP in the sample, 28% involved remote network access.

There are a variety of motives or personal situations that may increase the likelihood someone will steal from their employer. Here are some examples:

  • Greed or financial need - A belief that money can fix anything. Excessive debt or overwhelming expenses
  • Revenge - Disgruntlement to the point of wanting to retaliate against the organisation. This behaviour usually occurs when the person has been terminated or passed over for promotion.
  • Unmet expectations – Freedom curtailed. Such as reduces access to information or even change in responsibilities.
  • Disagreement – Problems with management or supervisor relationship. It can also be disagreement over ownership of intellectual property.

According to CERT, half of the theft of intellectual property cases is the result of a dissatisfied insider acting primarily alone to steal information to take to a new job or for their own business.

In a market with few competitors, each organisation is likely to be more aware of the business model of the others. Competition is usually fierce amongst each other. For the winner, the spoils of abnormal profits, prestige and status.

Let’s take an example of Formula 1 (F1). F1 is the world’s most watched annual motor sports series. More than 300 brands sponsor F1, spending more than $1.5 US billion annually, and governments invest more than $600 US million in races each year. There are 20 brands that defined F1 - The likes of Ferrari, Mercedes-Benz, Renault, Red Bull and McLaren are very known.

It’s not surprising then to learn that each team within F1 spend millions of Dollars annually. The underlying philosophy in F1, is that it is better to win on the track and make no profit rather than make money and finish lower down the standings. This is not solely a sporting concern. Win the championship, and sponsorship and prize money will accelerate.

Example 1: In a sport like F1, having an advantage over you rivals is critically important. Sometimes, these advantages are gained in illegitimate manner.

  • 9th of December, 2015 - Mercedes is taking legal action against an employee who left left the team, reportedly to join Ferrari, which the Italian team denies. Benjamin Hoyle, an engineer who works for Mercedes’ engine division, AMG High Performance Powertrains, is alleged to have stolen confidential data. Mercedes argues that Hoyle’s alleged actions could possibly help Ferrari for the upcoming F1 2016 championship year. It said: “Mr Hoyle and potentially Ferrari have gained an unlawful advantage.”
  • 26th of July 2007 - The 2007 Formula One espionage controversy, also known as "Spygate" involved allegations that the McLaren Formula One team was passed confidential technical information from the Ferrari team. An FIA hearing that took place on 13 September 2007, and by then in receipt of compelling evidence resulted in several penalties for the McLaren team. The most important of these were the team's exclusion from the 2007 Constructors' Championship and a record-breaking fine of $100 million (USD).

The shadowy side of Formula 1 is never far away. Employees of each Formula 1 team has access to a treasure trove of information. Money can’t buy happiness, but it can buy an advantage. When employees move from one team to another, there is a tendency to cry foul especially when these people have access to very sensitive information.

Example 2: We next look at BlueScope the leading steel company in Australia and New Zealand, supplying a large percentage of all flat steel products sold in these markets. It has few competitors such as Nippon Steel & Sumitomo Metal , Posco & Arrium.

For BlueScope to lose its customer software to a rival firm would badly damage its business. In June 2015, manager Chinnari Sridevi "Sri" Somanchi was to be made redundant in June 2015. Ms Somanchi has been accused of downloading a trove of company documents, about 40 gigabytes over a four-year period, including the codes she allegedly downloaded just before her redundancy meeting.

BlueScope is now trying desperately to retrieve "highly sensitive and commercially valuable" information allegedly stolen by Ms Somanchi, who it describes as a disgruntled former employee. It is assumed the business unit at risk generates $US45 million in turnover each year.

Lessons To Be Learned

In the above cases, both organisations Mercedes-Benz and BlueScope failed to place appropriate protection for their critical assets against their insiders.

Most organisations tend to think that their greatest security risk to their business is from a list of external threats such as hackers, malware, phishing, denial of service attacks and other assaults. But in reality, the greatest risk to any organisation today comes from within. Whether it be that rogue employee who will go to great length to gain access to your sensitive data; Or perhaps that unhappy staff member that wants to take their revenge and divulge the information with the rest of the world; Maybe it’s the unscrupulous user that uses your business for their personal gain; Perhaps it could be the ignorant user who unwittingly shared sensitive data with the wrong person.

Insiders definitely have the advantage over outsiders. Insiders have access to facilities and information. They have knowledge of the organisation and its processes and know the location of critical or valuable assets. Insiders will know how, when and where to attack and how to cover their tracks.

If insiders have all the advantage, then organisations must start changing their security protection paradigm. Security must start from within.

Best Next Move

In order to prevent insider espionage, organisations must first understand what critical assets they have and what appropriate controls, policies, process and technologies then are needs to be put into place. Here are the following steps

  1. Identify your critical assets – What are your assets determined to have an integral relationship with the mission of the organisation and its success?
  2. Understand what information is made available on the assets?
  3. Determine what type of access or use for each asset?
  4. Determine what if any data flow are involved?

Once you understand the major critical assets and the protection needs, you can better understand what needs to be protected.

How We Can Help You?

To start address the risk of Insider Threat within your organisation, why not schedule a FREE one hour consultation with one of our Insider Threat people - Click Here!

And if you haven't had the chance to read our book (Protecting Your Business From Insider Threats In 7 Effective Steps), please download it here for FREE - Click Here!

Alternatively, if you do have a query, reach out to us!