Archive for October, 2010

‘The New Insider’ Threat: Targeting Company’s Intangible Assets!

October 25th, 2010. Published under Insider Theft of IP and Intangible Assets, Insider Threats. 1 Comment.

Michael D. Moberly     October 25, 2010

Growing numbers of us work in companies and organizations in which increasing percentages of our employers value and sources of revenue evolve directly from intangible assets.  In other words, there’s been a major shift that’s born out by the economic fact that 65+% of most companies value and sources of revenue now lie in intangible (non-physical) assets vs. tangible (physical) assets.  

Given that significant shift in the origins – sources of company value and revenue, its little wonder then that ‘insiders’; that feisty and persistent scourge that companies and organizations continually confront, target of preference is now intangible assets.  In my view, there are two key reasons for this, (a.) that’s where the most value lies, much of which is readily convertable, and (b.) there is a ready demand and easily tapped global market where intangible assets can be sold, bartered, exchanged, etc.

While some management teams and boards remain attitudinally hesitant (resistent) to making these transitions, what’s new and clear is that there’s no precedent for what’s occurring today relative to (intangible) asset value losses and/or competitive advantage undermining events attributed to ‘the new insider’  And, since increasing percentages of company value and revenue evolve from  (intangible) assets, this new breed of insider (threat, risk) has emerged that is more calculating, stealthy, and whose acts can potentially cause more irreversible and immediate damage-harm to a company than the tangible asset focused (insider) predecessor.

Let me be clear though.  This post is not necessarily about the insider threat posed by the ‘Wen Ho Lee’s (Economic Espionage Act) types of incidents in which classified materials belonging to a national laboratory were compromised and given to an adversary.  While this post does have, in my view, considerable relevancy to the classified arena in terms of the types of assets now being targeted, it is primarily directed to the millions of small and mid-size companies (SME’s) that have developed unique sets of intangibles that deliver (underlie) company value, revenue, and competitive advantages. 

When an SME does experience a theft, misappropriation, or compromise by an insider of one or more of it’s key intangible assets, while the consequences are certainly not equivalent or comparable to national security breaches, their impact to that SME, in terms of lost revenue, competitive advantages, market position, relationship capital, etc., can be, and often is devastating and irreversible.  

So, while this construct, of what I call ‘the new insider’ emerges, various studies and research conducted by DoD’s Personnel Security Research Center and Carnegie Mellon University’s CERT unit provide important and timely credence and relevance. 

One PERSEREC study contributed significantly to my framing of the risks-threats posed by ‘the new insider’ in a global context.  This particular study, appropriately titled ‘Technological, Social, and Economic Trends That Are Increasing U.S. Vulnerability To Insider Espionage’ identified various challenges related to combating and mitigating insider risks and threats, e.g.,

1.  Fewer employees are deterred by a conventional sense of employer loyalty.  They view theft of information assets (intangibles) to be morally justifiable if sharing those assets will benefit the world community or prevent armed conflict…

2. Greater inclination for employees engaged in multinational trade-transactions to regard unauthorized transfer of information assets or technologies as a business matter, rather than an act of betrayal or treason…

3. The value of – market for protected information assets has elevated as insiders recognize it can be sold for a profit…

4. Companies are at greater risk for experiencing insider theft of information assets than previously because there is no single countervailing trend to make it more difficult or less likely to occur…

Please note in each of the findings above, ‘information assets’ translate as (constitute) intangible assets!  So, what I’m suggesting is that today, with company’s primary sources of value, revenue, and competitive advantages centered in intangible assets, identifying best practices to mitigate ‘the new insider’ literally requires company’s to:

1. Re-think what types of assets protection and value preservation resources should be directed.

2. Re-frame how those assets can best – most effectively be protected – preserved.

3. Re-consider the origins, motives, and targets of ‘the new insider’. 

In addition, addressing ‘the new insider’ requires different sets of asset protection objectives, e.g.,

1. Sustain control, use, ownership, and value of the intangible assets.

2. Protect-preserve the assets’ relative to their functional – value cycles to the company.

3. Monitor the assets’ value, attractivity, sustainability, materiality, and defensibility.

So, it’s no longer (solely) about focusing attention on employees or contractors working in an R&D unit as being the most likely candidates to become an ‘insider’ threat or risk.  Rather, it’s about (again) recognizing that increasingly larger percentages of company value, sources of revenue, and competitive advantages evolve from readily available intangible assets that don’t originate exclusively from R&D units, but emerge from the intersection (nexus) of a company’s intellectual, structual, and relationship capital.  And, here lies ‘the new insider’!

The ‘Business IP and Intangible Asset Blog’ is researched and written by Michael D. Moberly, president and founder of Knowledge Protection Strategies – http://kpstrat.com.  The intent of Mr. Moberly’s blog is to provide insights and perspective to aid in a cross-disciplinary approach for identifying, assessing, valuing, protecting, utilizing, and extracting value from intangible assets.  Your comments regarding my blog posts are welcome at m.moberly@kpstrat.com

While visiting my blog, you are encouraged to browse other topics/subjects (left column, below photograph) .  Should you find particular topics of interest or relevant to your circumstance,  I would welcome your inquiry about consulting, conducting an assessment, training program, or speaking engagement to your company or professional association at 314-440-3593.