Almost a decade ago, Jason Needham left his job at an engineering firm to start his own company. After resigning through virtual backdoors and unauthorized accounts, Jason could continue accessing his former employee’s data and systems. Over two years after leaving the company, Needham went on to repeatedly download intellectual property such as engineering schematics, internal project proposals, budgeting and pricing documentation, marketing strategies, and even access the email accounts of other employees. The information he stole was estimated at almost half a million dollars in value. Under the Computer Fraud and Abuse Act, he eventually received an eighteen-month prison sentence, two years of supervised release, and hefty monetary penalties.
This popular story became an early case study highlighting the importance of managing threats with a broader scope. When finding the culprits behind data breaches, most people automatically think of a distant attacker attempting to hack into their systems and steal their valuable data. However, thanks to authorized access and internal knowledge of the environment, as seen in Jason’s case, employees and contractors can often expose your company to a greater risk than any outsider.
The current state of employee data theft
Employee data theft is a growing risk in every industry. According to Verizon’s annual data breach report, over the last three years, the percentage of companies that suffered data breaches caused by their own employees rose from 25% to 34%. The cost of these types of attacks also increased by 15% between from
2018 to 2019, with the latest average reaching over $1.6 million. Furthermore, the time to detect a breach is often longer when an internal employee or contractor is involved. Roughly 40% of companies admitted that detection sometimes took years, according to another annual report by Verizon on insider threats. Finally, a concerning research report published in 2018 disclosed that 100% of organizations tested in a study were found to have active internal employee threats within their companies. The current state of employee threats and risks of data theft is at an all-time high, forcing companies to pay attention to the people they naturally trust the most: their employees.
“The 2019 average cost of an insider attack was $1.6 million.” – Verizon Data Breach Report
Who are the threat actors behind employee data theft?
Though the people behind employee data theft can seem unpredictable at times and have a variety of motivations, the most common profiles companies see include:
- Disgruntled employees retaliating against an employer, for example, by stealing and selling trade secrets
- Internal criminals blatantly look to steal for financial gain and are often motivated by life hardship, greed, or other factors.
- Oblivious workers who may unintendedly enable data theft, for example, by leaving an unlocked laptop in a café that a criminal steals
- Third parties who have authorized access to your resources but use them for purposes other than what’s intended and approved
- Terminated staff who decide to steal data and start their own competing company, as seen in the opening example
How companies can reduce the risk of employee data theft
Prevention: Proactive and preventative controls are the best first step when it comes to addressing employee data theft. There are fundamental actions that can be taken, such as having a thorough and secure vetting, hiring, and onboarding process. Similarly, the employee off-boarding process should be clearly defined and enforced. For example, once an employee is terminated, access to all systems and facilities should be removed. Implement technology that can help manage account security and limit access to critical resources. Enforce standard policies and procedures that guide employees and contractors on what they should and should not do when it comes to handling your data. Also, ensure employment and contractor agreements include provisions on acceptable use of data and resources and ensure that acknowledgment is documented.
Detection: Employee threats can be harder to detect because employees often have legitimate access to systems and data. In addition, insiders have greater knowledge of your environment and where the “preventative” controls are, making them experts at evading alarms. Leveraging employee and network monitoring technology can help improve detection abilities. For example, the right monitoring technology can notify you if an employee is engaging in suspicious activities such as exporting large amounts of data from a customer database, sharing their account login information with people who are logging in simultaneously from disparate locations, and more. Being able to detect these types of incidents as quickly as possible is critical.
Response: It’s inevitable that something eventually will go wrong. As previously mentioned, 100% of companies surveyed had active insider threats within their companies. The vital thing to do is be prepared to respond once you do find a threat. Having a robust workplace investigations program set up ahead of time with the right expertise and technology is critical. Companies who wait until they discover a threat to start thinking about workplace investigation programs often find they are too late to get the data and evidence required to take adequate action. For example, if you aren’t maintaining and protecting activity logs on your users, an employee can easily carry out their malicious plans and remove any traces of evidence of their crime. This makes it harder, or sometimes impossible, to piece together what happened and the extent of the damage. Having the technology and expert resources established ahead of time can ensure that if you need to respond, you are ready and able to do so.
“100% of companies surveyed discovered that they have active insider threats.” – Dtex
Conclusion
Employee data theft is a growing risk for companies across every industry. While no company can run successfully without people, those great human assets can quickly become a great liability. As breaches stemming from employee actions grow in volume, and the associated cost continues to increase, companies are seeking ways to gain control of the risk. The clear path forward is the implement preventative, detective, and responsive measures to mitigate the risk of employee data theft
