November 28, 2011, 1:45 PM — Despite the burgeoning market for data theft and growing number of outfits organized to inflict it, insiders are still the biggest risk and first suspect in any major data loss or bit of industrial espionage, industry analysts and academics agree.
But who, among the people you have to trust, are the most likely to betray you in exchange for a few bucks from a competitor or the chance to strike back against society by releasing onto the Internet the uncensored truth in customer-transaction records, product-recall documentation and cost-prediction scenarios for global widget shipping and fulfillment networks?
Symantec recruited a pair of Ph.D.s – forensic psychologist Harley V. Stock of Incident Management Group and clinical psychologist/security consultant Eric Shaw – to conduct a study on the personalities and social contexts common among insider data thieves.
The full report, including early warning signs, profiles of likely data thieves, motivations and behaviors common to data thieves, won't be released until Dec. 7.
There is a remarkably consistent thumbnail picture of the typical data thief, available right away, however.
In 52 percent of the cases examined, stolen trade secrets were taken by an insider, most often a current employee who is male, about 37 years old, who has served mainly in technical positions.
Consistent as that is, it's also almost too generic to do any good – at least within IT, which is still disproportionately male compared to most other departments.
It will be interesting to see if there is a common twist of demographics or psychographics that drives male technologists in their late 30s to steal.
The other possibility is that the geek stereotype is heavily represented among data thieves because it's so common in IT, and people in IT have the easiest access to sensitive, potentially salable data.
Symantec will release the report itself Dec. 7. It will follow with a webcast featuring the two researchers on Dec. 12 titled The Psychology of Insider Theft: What Pushes Employees to Steal?