Stop insider data thieves: Forget profiling, keep an eye on the grumps

Study: Good management can be the best form of counter-espionage

By  

    Defusing potential conflicts that result in sabotage or data theft are pretty mainstream management advice:
  • Build teams on which employees can feel a part of decisions and in setting goals;
  • Address organizational issues that cause resentment or conflict.
  • Screen potential employees much more thoroughly for previous signs of conflict described in the study
  • Policies and practices designed to detect and address specific steps on the progression toward data theft rather than doing nothing and waiting to prosecute after a potentially disastrous theft.
  • Training and education – for both managers and employees, to improve skills and give them the sense they have a future and to improve their ability to resolve conflicts and see their own situations realistically.
  • Continuing evaluation: setting up enough detection points to prevent crises before they happen.

The process of identifying potential data thieves, investigating their guilt or potential to offend and handle them in ways that don't encourage the theft and don't alienate other workers who might get on the data-thief path is very similar to the techniques and processes intelligence organizations go through in trying to identify traitors, Stock said.

"The market for stolen IP has gotten so bad – it's $250 billion per year in stolen IP alone – that it's become a counter-intelligence problem even within corporations," Stock said.

"The other side of that coin is that the same techniques intelligence agencies use to recruit spies work to recruit insiders," Stock said. "you're not only looking for a vulnerable individual, you're looking for a way to approach them that might solve their problems or give them incentive to break the rules.

"A lot of large companies are hiring counterintelligence specialists for their security departments for that exact reason," Stock said. "People in the corporate world, especially unattached people like contractors, are what are considered soft targets."

Read more of Kevin Fogarty's CoreIT blog and follow the latest IT news at ITworld. Follow Kevin on Twitter at @KevinFogarty. For the latest IT news, analysis and how-tos, follow ITworld on Twitter and Facebook.

Photo Credit: 

Reuters: Jim Young

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question
randomness