Archive for 'Insider Threats'

Insider Threat Continuum

June 1st, 2015. Published under Insider Theft of IP and Intangible Assets, Insider Threats. No Comments.

Michael D. Moberly   June 1, 2015   A blog where attention span really matters!

In the information asset protection community, there’s an adage, or perhaps more aptly characterized as an anecdotally rooted ‘rule of thumb’, the ’20-60-20 rule’ that still carries a timely relevance since it initially caught my attention some 25+ years ago. Through my lens, this represents a reasonable and plausible characterization of the persistent ‘insider threat’ which I endeavor to explain below.

Group 1 – 20% of the people we work with…are inherently honest and possess consistently high levels of (personal, professional) integrity.  It’s quite unlikely individuals in this initial 20% would be influenced, inclined, or could be persuaded to engage in unethical or dishonest behaviors, acts, or violations of a company’s security or information safeguard policies or practices.

In other words, for these individuals there would be little or no concern they would be engaging in misappropriation – theft of proprietary information, trade secrets, or monetized elements of intellectual property (IP)..

Group 2 – another 20% of the people we work with…function at the opposite end of this continuum of honesty – integrity.  For these individuals, when their already thin sociological – psychological veneer is peeled back, it’s likely to reveal an inherently dishonest, unethical, and misguided persona with little, if any, sense of personal – professional integrity, or employer loyalty with respect to complying with company policies or government laws/regulations related to obligations for safeguarding proprietary information, trade secrets, or IP.

Too, these individuals would likely be receptive (have the internal propensity, proclivity) when certain opportunities avail or influencers are present to engage in unethical – illegal acts, i.e., theft or compromise of valuable, mission critical, and competitive advantage information (intangible) assets.

Group 3 – then there’s the 60% of the people we work with who are essentially ’in the middle’, that is, they do not (overtly) demonstrate any particular receptivity or proclivity to engage in dishonest, unethical, or illegal acts or behaviors that would purposefully put their employers proprietary information, trade secrets, or IP at risk or in jeopardy. In other words, these individuals are likely to be honest and ethical.

There is a disappointing and frustrating nuance to Group 3 however. That is, anecdotal evidence which suggests individuals functioning at the fringe of this group, i.e., closest to Group 2 on the continuum, are recognizing the persistent overtures from external entities engaged in solicitation-elicitation initiatives to misappropriate or publicly leak their employers’ proprietary information assets.

This phenomenon is particularly worrisome…to information safeguard specialists on many levels, one of which is that such (highly personal and embedded) proclivities – propensities may be unknown at the time of hire, i.e., go undetected – unobserved in conventional pre-employment screening and interview processes. In current parlance, they may be unwitting sleeper’s who’s adverse proclivities may be awakened and influenced at some future point by the employee’s interpretation-assessment of…

  • their employer’s reactions and sanctions imposed on those caught violating company information safeguard practices and policies.
  • the degree, level, and consistency of monitoring which their employer engages relative to safeguarding its proprietary information, IP, and trade secrets.
  • the persistence of external advances and their potential lucrative outcomes.

Admittedly, there is nothing particularly scientific or legally defensible…regarding the 20-60-20 perspective, other than to say it probably evolved from well intentioned ‘anecdotal guesstimates’ and observed incidents. Regardless, those finding relevance in this phenomenon, does draw, and properly so, our attention to the persistent and very costly challenges presented by ‘insiders’, whomever they may be, and the necessity for more effective pre-employment screening and regular monitoring.

One rather practical approach to addressing such insider challenges can be attributed to the always forward looking Esther Dyson, when she remarked, ’it’s not about counting the number of copies anymore, rather, it’s about developing relationships with employees and users’ (who can access the proprietary – competitive advantage information that necessitates safeguarding).

I suspect Ms. Dyson may not be familiar with the ’20-60-20 adage described here and its relevance to the hyper-competitive, aggressively predatorial, entrepreneurial spirited, and winner-take-all global business transaction environment.

But, there is practical reality embedded in Ms. Dyson’s remark, at least in terms of ‘people we work with’ and their propensity – receptivity, at some point in their career, not just their first week of employment, but, after undergoing various ‘snap-shots-in-time’ pre-employment screenings, to engage in adverse acts!

While most of my operational familiarity with ‘insiders’ is a direct result of personal experiences, I respectfully attribute some of my current thinking and approaches for addressing this persistent challenge to the excellent work-research consistently produced by PERSEREC (Personnel Security Research Center, DoD) and Carnegie Mellon’s CERT unit.

Global Workforce Provocative Implications

February 25th, 2015. Published under Insider Threats, Systemic Risk. No Comments.

Michael D. Moberly   February 25, 2015   ‘A blog where attention span really matters’!

Provocative implications for safeguarding information assets…

What follows are findings of a study produced by DoD’s Personnel Security Research Center (PERSEREC). The findings of this study titled, ‘Technological, Social, and Economic Trends That Are Increasing U.S. Vulnerabiliy to Insider Espionage’ does retain some relevancy today as it did when it was initially published in May, 2005.

For some, the findings may be contentious, divisive, arrogant…

Admittedly, the study’s findings could be viewed as prognosticative and challenging a rationale for a globally diverse workforce. Having had substantive discussions with the study’s principle investigators, I sensed absolutely no suggestion to support either perspective.

The study produced these largely intangible indicators…

The Internet…

  1. expanded global marketplace for proprietary information assets.
  2. has become an efficient marketplace to bring sellers-seekers-buyers together to exchange information in relative anonymity
  3. elevates awareness about information asset value and recognition it can be sold for a profit.
  4. internationalized science and commerce and places employees in positions to foster – sustain global contacts some of whom interest lie in adversely exploiting such relationship.
  5. permits individuals to retain emotional, ethnic, and financial ties at will to other countries coupled with less inclination to seek U.S. citizenship

Fewer employees are deterred by conventional sense of loyalty…

  1. growing allegiance to a global community that integrates global – national values.
  2. less inclined to view espionage – theft of information assets to be morally wrong.
  3. may view such acts as being justifiable if they feel that sharing them will benefit the world community or prevent armed conflict.
  4. inclination of those engaged in multinational trade/transactions to regard unauthorized transfer of information assets-technology as a business matter rather than an act of betrayal.
  5. tendency to view human society as an evolving system of ethnically and ideologically diverse and interdependent individuals/groups which make illicit acts easier to rationalize.

These findings, in my judgment, prompt many additional questions about the entire spectrum of the ‘insider threat’.  For example, there remains a need to genuinely and objectively assess…

  1. Employee reactions to the elevated intensity and frequency which external entities are targeting (soliciting) their company and their knowledge!
  2. Employee propensity – proclivity to (a.) convey receptivity to external solicitors – buyers of a companies’ information assets, and/or (b.) independently seek prospective buyers.
  3. Also, if such proclivities – propensities exist, do they coincide with or become exacerbated by the conventional precursors – motivators (of insider theft), i.e., disgruntlement, unmet expectations, personal predispositions, financial stress, etc.

Ultimately, the challenges presented by these findings to U.S. companies will, in all likelihood require specialized familiarity and skill sets to effectively address.  This is especially critical given the economic – business reality that today, 80+% of most companies’ value, sources of revenue and ‘building blocks’ for profitability, growth, and sustainability lie in – emerge directly from intangible assets!

As always, reader comments are respected and welcome!

Pre-Employment Screening Reversal Theory

April 25th, 2013. Published under Insider Theft of IP and Intangible Assets, Insider Threats. No Comments.

Michael D. Moberly   April 25, 2013    ‘A blog where attention span matters’.

In the Spring/Summer 2012 edition of the International Journal of Intelligence Ethics, the author of ‘Reversal Theory: Understanding the Motivational Styles of Espionage’ brought some very worthy and intriguing context to the relationship between insiders and economic espionage by way of ‘reversal theory’.

In the article, an obviously experienced and certainly forward looking author distinctively applied Dr. Michael J. Apter’s ‘reversal theory’ to the persistent – ever present challenge of insiders relative to their predilection to engage in insider theft and/or economic espionage at some point during their employment.

In short, reversal theory (RT) as well described in the aforementioned article is a model for personality analysis. The premise is that people and their behavior change, perhaps regularly, overtime.  In other words, people’s motivational states are not static, rather they’re quite dynamic.  As such, behaviors people may engage in to obtain, presumably personal satisfaction, are also dynamic and certainly not static.

More specifically, RT suggests one’s personality evolves from – is embedded in patterns of (dynamic) change, not ‘fixed traits’ which some psychometric practitioners and researchers continue to advocate.  The notion that there are particular ‘fixed (permanent) traits’ that people possess that in turn are associated with – linked to ‘predictable patterns of behavior’ is contrary to the principles of the RT model.

Put another way, as the author points out so effectively, is that RT actually ‘challenges the assumption that (fixed) personality traits or commonalities of behavior’ are linked to predictability.  Again, the author points out that RT, if practiced correctly, would allow more organizations to screen out vulnerable and/or suspect applicants.  But, my reality is, and I suspect the author may agree, continued reliance on conventional trait (employment screening) approaches have not produced the necessary consistency in identifying – distinguishing applicants who are vulnerable or otherwise, at some point in their employment tenure become receptive to engaging in adverse acts against their employer.  In this instance, we’re talking about theft, misappropriation, and/or infringement of intellectual properties, proprietary (trade secret) information and other forms of intangible assets.

More specifically, both the and Dr. Apter agree that the conventional ‘static trait theory’ has not, and does not account for, nor does it address the very real reality that people are receptive to behavioral – attitudinal changes over time, some of which adversely affects their receptivity, propensity, and proclivity to ‘voluntarily’ engage in insider theft and economic espionage.

As most practitioners serving in the arena of endeavoring to thwart insider threats and economic espionage know all too well, there are myriad of anecdotal accountings and well intentioned studies identifying gradations, motives, tenacity, and intensity of the risks posed by ‘insiders’.

Unfortunately, the same challenges remain, if not become intensified, with of course the proverbial tweaks and/or technological variations insofar as how targeted assets are accessed and acquired by bad actors.  What’s needed in my judgment, as has been noted multiple times in this blog, is that objective, replicable, and evidence-based research, beyond mere anecdotal reports or accountings, that present different, but certainly plausible explanations why particular employees, post hiring, willingly and voluntarily become ‘insiders’ and variously engage in economic espionage.

Through my lens, and the publication of well researched articles as summarized here, the private sector, as well as the intelligence community, are now absolutely obliged, more than ever before, to re-visit and re-think their personnel (pre-employment) screening processes and practices by, among other things, recognizing that periodic (in-employment) re-assessment is essential. At minimum, periodic re-assessment should include the means to identify and assess post-hires’ adverse (a.) receptivity, (b.) inclination, and/or (c.) newly acquired predispositions that may or may not have evolved since and be contrary to what was gleaned on or before the date-of-hire while having access to classified (proprietary, sensitive)  information, i.e., intangible assets.

I should think, in part, the author’s application of reversal theory as aptly described in this article certainly warrants broad attention and study because it serves as a very worthy starting point for some serious and thoughtful discussion on this increasingly critical matter.

Of course, the necessity for the private sector to comprehensively address risks posed by insiders is elevated in large part because of the economic fact – business reality that 80+% of most company’s value, sources of revenue, and ‘building blocks’ for growth, profitability, and sustainability lie in – directly evolve from often times readily available, perhaps even open source, intangible assets, many of which are rooted in – emanate from intellectual properties, proprietary information, and other forms of intellectual, structural, and relationship capital.  As for the application of RT to government agencies, one hardly needs to say more than PFC Bradley Manning!

This globally universal economic fact alone should, in my view, and I suspect that of the author as well, should prompt companies and organizations to find the will and the resources necessary to effectively mitigate insider risks and economic espionage, be it state sponsored or conducted by independent actors. In other words, RT theory, in my view, warrants attention and thorough discussion!

Inspiration for this post lies with an article published in the Spring/Summer 2012 edition of the International Journal of Intelligence Ethics, titled ‘Reversal Theory: Understanding the Motivational Styles of Espionage’.

Each blog post is researched and written by me with the genuine intent it serves as a useful and respectful medium to elevate awareness and appreciation for intangible assets throughout the global business community.   Most of my posts focus on issues related to identifying, unraveling, and sustaining control, use, ownership, and monitoring asset value, materiality, and risk.  As such, my blog posts are not intended to be quick bites of  unsubstantiated commentary or information piggy-backed to other sources.  Comments regarding my blog posts are encouraged and respected. Should any reader elect to utilize all or a portion of my posts, attribution is expected and always appreciated. While visiting my blog readers are encouraged to browse other topics (posts) which may be relevant to their circumstance or business transaction.  I always welcome your inquiry at 314-440-3593 or m.moberly@kpstrat.com

Obama’s Insider Threat Guidance: It’s Good For The Private Sector Too…

November 29th, 2012. Published under Insider Threats. No Comments.

Michael D. Moberly   November 29, 2012

The Obama administration issued a guidance memorandum earlier this week to address the persistent, wide-ranging, and presumably growing threat of (classified) information loss posed by insiders and adversaries which the U.S. GAO characterizes as a ‘meteoric rise’.

This guidance memorandum was the culmination of an October, 2011 Executive Order (13587) which, among other things, created a high level task force to develop strategies, or perhaps better stated, minimum standards which government agencies are to implement and follow, to prevent more PFC Bradley Manning – WikiLeak situations from occurring. The actual ‘standards’ have not been publicly released yet, but many in the affected government agencies anticipate they will be issued in the coming week.

I am very comfortable in stating it would be in the interests of the U.S. private sector, i.e., c-suites, boards, management teams, CIO’s, CFO’s, CIPO’s, CSO’s, and CRO’s, etc., to ‘put their proactive hats on’ and actually read – study the President’s guidance memorandum  and the standards as they become available.   Reading-studying the memorandum through a proactive vs. reactive lens can influence parties to recognize the array of risks-threats described in the administrations’ memorandum and their equivalency to private sector firms, not just the government (agency) side.

It’s worth noting too, that, defense-national security adversaries are not necessarily an exclusive or separate domain or skill set, apart from adversaries and/or insiders engaged in economic and industrial espionage.   An equally significant reality is that, whether the perpetrators be insiders or external, presumably foreign (state-sponsored) adversaries and/or agents, information asset losses, i.e., intellectual, structural capital and proprietary operational knowhow, the result is no longer merely a temporary public embarrassment.  Rather, information asset losses and compromises more frequently reflect long term and permanent (irreversible) losses to a company’s value, revenue, reputation, market space, and competitive advantage it may enjoy.

My work is exclusively focused on the private sector.  My business mantra is to ‘help companies identify, assess and sustain control, use, ownership, and monitor value and materiality of their contributory value, revenue, and competitive advantage producing intangible assets’.  I firmly believe, and experience clearly supports, companies that either do not have or have ineffective, poorly designed and inadequately overseen practices in place for each component of ‘my mantra’ will inevitably, not probably, find their key intangibles vulnerable and unsustainable.  Translated in 2012 and 2013 contexts, this means company’s most valuable (intangible) assets and the contributory value they produce, will, not may, be misappropriated, infringed, counterfeited, or merely meld away as an irretrievable precipitator to a company’s premature demise.

Willie Sutton, the infamous bank robber, was asked, according to urban legend, ‘why do you rob banks’?  In straightforward fashion his response was reportedly, ‘it’s because, that’s where the money is’!

In a perverse sort of way, and, of course, setting aside classified national security assets, Sutton’s view and mine are similar in this context; U.S.-based intangible (intellectual property) assets are frequently, if not wholly targeted by economic and competitive advantage adversaries and insiders because, the U.S. is where large percentages of such assets, i.e., intellectual and structural capital originate and is developed, i.e., commercialized.

In today’s increasingly interconnected global business transaction environment, there is a high level of universality in the economic fact that 65+% of most company’s value, sources of revenue, and ‘building blocks’ for growth, sustainability, profitability, market space, and competitive advantages lie in – evolve directly from a range of intangible assets.

Readers are encouraged to recognize, it’s not solely national security/defense information assets insiders and other adversaries seek, rather it’s the intellectual and structural capital, and   operational knowhow necessary to achieve quick and least costly economic and competitive advantages.  And yes, intellectual property is also sought, but only in the context if the IP leads to quick and profitable outcomes in a particular market space. My own experiences suggest that those companies who disagree with this perspective will find themselves constantly engaged in the proverbial uphill skirmishes in which they may periodically perceive they win a war or maybe two.  On the other hand, the persistent, asymmetric, and increasingly technologically advanced threats – risks posed by insiders and other adversaries, are highly individual battles, not wars, which unfortunately thus far, they’re all too likely to win.

Anecdotal accountings and a multitude of studies identify gradations, motives, tenacity, and intensity of the threats-risks posed by ‘insiders’.  But, what’s new and clear relative to the Manning – Assange (apparently collaborative) incident, is that there’s no precedent for the shear mass of data and information assets that were taken and disseminated, aside from perhaps, the ‘Pentagon Papers’, a 1960’s event which few, if any ‘mannings’ even know, about let alone try to emulate.   And, to add insult to injury, stealth in this instance, was apparently merely a single PFC’s rouse of downloading ‘Lady Ga Ga’ music but, from a remote government computer with access to classified information.

So, however one perceives the ‘pfc manning’s’ of the world, he represents a new, but surely inevitable breed of insider/adversary (threat, risk),  one that is more calculating and in some respects more stealthy, and whose acts can potentially cause more irreversible, costly, and immediate/instantaneous damage-harm and embarrassment to a company than their predecessors who were largely confined or limited to stealing only ‘hard copies’ that they could put in the proverbial shoe box and carried out the front door.  It’s not unlike the former Detroit auto executive who literally put paper copies of ‘plans, intentions, and capabilities’ of his former employer to take to his new European automaker employer as an arrogant and very strategic ’housewarming gift’.

The PFC Manning event certainly prompted the executive orders, memorandums, and soon to come, minimum standards.  But, this event should also have represented the proverbial ‘wakeup call’ to the millions of small, mid-size, and Fortune 1000 firms that have developed unique and valuable sets of intangible assets that literally deliver (underlie) their company’s value, sources of revenue, competitive advantages, market position, and growth potential.

When a company experiences a theft, misappropriation, or compromise of information-based (intangible) assets, be it by a trusted insider or a global adversary, while the consequences are seldom equivalent to a significant national security breach, their impact to the victim firm, in terms of lost revenue, undermined competitive advantages, lost market position, damaged reputation, etc., can be, and often is, financially devastating and irreversible!

Comments regarding my blog posts are encouraged and respected. Should any reader elect to utilize all or a portion of this post, attribution is expected and always appreciated. While visiting my blog readers are encouraged to browse other topics (posts) which may be relevant to the circumstance. And, I always welcome your inquiry at 314-440-3593 or m.moberly@kpstrat.com

Please watch for Mike’s book ‘Intangible Assets: Security Managers Roadmap’ to be published soon!

Dyson v Bosch: Insider Threats and Risks…

November 5th, 2012. Published under Insider Theft of IP and Intangible Assets, Insider Threats. 1 Comment.

Michael D. Moberly     November 5, 2012

Just how much importance should an organization’s c-suite and security management team attach to an insider’s (a.) nationality, (b.) motive(s), and (c.) possible conspiratorial and/or state-sponsored components effecting a successful act in which…

….valuable, competitive advantage, and market space delivering information-based (intangible) assets are stolen or misappropriated?

Would it be more useful to devote time, energy, resources, etc., to executing the most effective enterprise-wide policies, practices, and procedures to…

  • identify and sustain control, use, ownership, and monitor the value and materiality of a company’s most valuable and revenue producing (intangible) assets, and
  • ferreting out would be insiders regardless of their nationality or country of origin?

Willie Sutton, the infamous bank robber, according to urban legend, responded when asked, ‘why do you rob banks’ in very straightforward and simplistic fashion, ‘it’s because, that’s where the money is’!

In a perverse sort of way, and, of course, setting aside classified national security assets, Sutton’s view and mine are similar in this context; U.S.-based intangible (intellectual property) assets are frequently, if not wholly targeted because, globally speaking, this is where large percentages of such assets originate and developed.

So, why should it come as any particular surprise that U.S.-based intangibles are targeted by insiders, trusted, or otherwise, by various nationalities.  Generally, the suspects (by nationality) are demonized in the media and other sources, when in fact, it’s virtually certain the victim organizations – companies will seek new/additional trading opportunities or business transactions with those countries (nationalities) tomorrow and for the foreseeable future.

In all the research I have and continue to conduct and experiences I have had in various aspects of economic/industrial espionage and addressing insider threats and risks, I am familiar with very few companies which have elected to withdraw their business associations with a country and/or its government following a theft and/or misappropriation of proprietary intangible assets.  That’s not to suggest victim companies overlook or dismiss such events.  Rather it is to suggest lucrative business opportunities associated with numerous countries in which insiders frequently originate can be discounted literally and figuratively.

One example, among countless others, bears this out quite nicely.  Several years ago, a U.S. based computer manufacturer established three new assembly sites in Asia.  Before the sites’ became operational a senior executive projected her company would lose in excess of $125 million dollars in ‘IP’ during the relatively short life cycle of these particular assembly plants.

There is, to be sure, more ‘ink and talking heads’ focusing on the China link, as being the primary initiator, collector, and beneficiary of stolen and misappropriated IP.

What is disconcerting about this in my view, are the increasingly sophisticated technologies used by an ever expanding range of state sponsored and independent brokers that, in many respects, render the term ‘insider’, as it is conventionally applied, outmoded, if not obsolete.  That is, (human) presence is simply no longer an absolute requisite to the range of illegal acts which insiders can successfully engage.

However, will – would a company who reports being victimized by an insider, e.g., Dyson v Bosch, for example, in which, it so happens, the alleged perpetrator is of Chinese origin, done anything differently in terms of how they designed and implemented their insider threat mitigation practices, policies, and procedures?

In today’s increasingly interconnected global business transaction environment, there is a high level of universality in the economic fact that 65+% of most company’s value, sources of revenue, and ‘building blocks’ for growth, sustainability, profitability, market space, and competitive advantages  lie in – evolve directly from a range of intangible assets.

Companies may have far greater success in mitigating insider threats and risks when such acts/behaviors are characterized in particular relationship contexts, i.e., vendors, trusted personnel, or more specifically, relationship, structural, and intellectual capital.

But, a question remains, for me at least, can insider threats – risks be more effectively mitigated if they focus on an employee’s nationality and that nationality’s propensity, receptivity, and/or proclivity to be part of, or engage in insider acts in a state sponsored context?  And, if one believes it can, would the product of the overall insider threat/risk mitigation initiatives, i.e., implementation of policies, procedures, and practices really look any different?

More specifically, is there a need to design/execute insider threat – risk mitigation practices differently if the target company assumes the threat evolves primarily, if not solely from state-sponsored sources, independent (legacy free) brokers, or disgruntled employees?  The answer to this question, in my view, is a prudent and somewhat cautious yes!

The business reality I have come to know, is that very few companies are eager or willing to jeopardize relationships with several billion potential  consumers and those country’s rapidly rising middle class, based solely on the inevitability they will lose certain amounts of their valuable intangible – intellectual property assets.

Of course, I am certainly not implying that companies should be less prudent in designing and executing any market entry planning and/or business transaction with firms in other countries.

But, readers please recognize, it’s not solely a company’s IP which a large percentage of insiders are seeking, i.e., patents, copy rights, trademarks, rather it’s the intellectual and structural capital, the knowhow, and the processes and procedures necessary to achieve economic and competitive advantage.  I’m quite confident, for those who disagree, will be constantly engaged in uphill skirmishes in which periodically a war or two may be one, but seldom, if ever will the persistent and asymmetric (insider threat-risk) battles be won!

Comments regarding my blog posts are encouraged and respected. Should any reader elect to utilize all or a portion of this post, attribution is expected and always appreciated. While visiting my blog readers are encouraged to browse other topics (posts) which may be relevant to their circumstance. And, I always welcome your inquiry at 314-440-3593 or m.moberly@kpstrat.com

Insiders and Moles: Stealing Company Secrets…

November 1st, 2012. Published under Insider Theft of IP and Intangible Assets, Insider Threats. No Comments.

Michael D. Moberly   November 1, 2012

As reported by the AP last week, Dyson, a large UK-based firm, known most for its bag-less and ball mounted home vacuum cleaners, filed legal proceedings against Bosch, a German competitor.

The legal action accused Bosch of having illegally obtained Dyson secrets, i.e., ‘digital motor technology’ through the efforts of an ‘insider’ working in Dyson’s R&D unit for perhaps as long as two years, according to the AP report.

Dyson spokesperson characterized this insider as a ‘rogue engineer or mole’.  On behalf of myself and numerous highly experienced (insider threat) colleagues, I’m confident we would all be hard pressed to suggest the term ‘rogue’ is an appropriate descriptor for such acts and/or behaviors.   For us, ‘rogue’ implies a single or otherwise one-off experience, whereas we, based on sound research and personal experience are inclined to characterize insider threat(s), in which there is no shortage, as being persistent, globally asymmetric, generally sophisticated technologically and personally, and come embedded with numerous tangible – intangible (personal) motivators for doing what they do.

Interestingly, the AP reported, Dyson had confronted Bosch with evidence of the wrongdoing but Bosch…

  • refused to return the alleged misappropriated (digital motor) technology, i.e., intellectual property, and
  • failed to promise it would not to use the acquired know how or technology for its benefit, even though reports indicated Bosch had already benefitted.

These adverse responses from Bosch obviously left Dyson’s legal representatives – advisors with few reputation saving options, other than to take the legal action it did.

Is the term ‘mole’ an appropriate descriptor of insider threat today?   To be sure it is!  In the court filings, Dyson also alleged that Bosch paid this individual (aka the mole) through a separate (unincorporated) business that apparently had been created precisely for such purposes, which is, presumably to exploit – execute insider risks and threats, which it is further alleged, certain senior Bosch management were well aware.

Bosch disputed, or at least tried to mitigate some of the allegations, one of which pointed out that Dyson had employed this individual, i.e., the mole, with a preexisting consultancy agreement with Bosch Lawn and Garden Ltd. in relation to garden products, and not vacuum cleaners or hand dryers.  Too, Bosch, expressed regret that Dyson had elected pursue legal action in this matter, saying it has been trying to establish what happened and what, if any, confidential information was supposedly passed and/or actually received.

Should Dyson’s allegations eventually be established (proven), it would be no great surprise to see some manner of economic settlement in advance of a trial.

Before finishing though, I hold a somewhat different view about what Dyson’s competitor was likely (actually) targeting in this instance, and it should not be simply described as intellectual property!.

As stated numerous times in this blog, I have worked, studied, and conducted much research on intangible assets relative to economic/industrial espionage in many different circumstances over the past 25+ years.  A deep understanding (business appreciation) of global economic – competitive advantage adversaries, suggests any insider threat – risk equation should absolutely include an adversary’s ability to understand and/or replicate the intangible assets they frequently target and successfully acquire, i.e., the intellectual and structural capital and know how that’s embedded in any alleged misappropriated or stolen intellectual property.

After all, it is an economic fact – business reality that intangible assets today, comprise 65+% of most company’s value, sources of revenue, and building blocks for growth, sustainability, and profitability. It seems quite correct then to state with much conviction, that the intangible assets which are absolutely essential to achieving competitive advantages, building product/service quality, creating efficiencies, and achieving market position are what’s being targeted, not merely IP, other than, of course trade secrets.

There’s no question, companies – competitors engaged in using stolen intangibles, do so because they have, in most instances, an equally strong desire to compete globally and in the same market space as the rightful holder, owner, and/or developer of the valuable and competitive advantage driving intangible assets being targeted.

Know how (intellectual capital) can, to be sure, be classified as proprietary information or trade secrets (providing the holder consistently executes and meets the six requisites of trade secrecy). Either way, I can confidently report that companies would be well served if they identified and safeguarded the contributory value of the intangible assets that underlie all of their IP, because that’s what the adversaries need, want, and seek most!

So, to effectively mitigate insider risks-threats, the contributory value of intangible assets companies produce, should become a routinely visited, if not a permanent fixture on every company’s c-suite agenda!

Comments regarding my blog posts are encouraged and respected. Should any reader elect to utilize all or a portion of this post, attribution is expected and always appreciated. While visiting my blog readers are encouraged to browse other topics (posts) which may be relevant to their circumstance. And, I always welcome your inquiry at 314-440-3593 or m.moberly@kpstrat.com

 

 

CSO’s…Information Asset Protection Policies Must Isolate Insiders!

October 8th, 2012. Published under Insider Threats, Intangible asset protection. No Comments.

Michael D. Moberly   October 8, 2012

Anecdotal accountings and a multitude of studies identify gradations, motives, tenacity, and intensity of the threats-risks posed by ‘insiders’.  Insiders engage in a range of adverse acts which include theft, misappropriation, and/or leakage of information (intangible) assets that compromise the value, revenue, competitive advantages, and ownership of proprietary information, know how (intellectual capital), trade secrets and other intellectual properties.

Unfortunately, challenges remain insofar as obtaining objective and replicable evidence, beyond anecdotal reports, to describe the full adverse economic-competitive advantage impact of materialized insider risk events, other than to broadly characterize them as being substantial and probably growing.  When insiders are successful in perpetrating asset-data breaches and/or thefts, public reporting is now often mandated by statute which in turn often produces costly and often irreversible consequences affecting, among other things, a company’s reputation.

Through my lens, companies are now obliged, more than ever before, to…

  • re-think their information asset protection policies to thwart risks/threats from insiders, which all-too-frequently, begin and end during employee on-boarding processes.
  • recognize that periodic (in-employment) re-assessment is necessary and include the means to identify and assess post-hire…
    • receptivity
    • inclination
    • predisposition…

….to engage in adverse acts and/or policy violations that will compromise a company’s valuable and revenue producing information (intangible) assets.

The necessity for companies to comprehensively address risks – threats posed by insiders is elevated in large part because of the economic fact – business reality that 65+% of most company’s value, sources of revenue, and ‘building blocks’ for growth and sustainability lie in – directly evolve from intangible assets, many of which are rooted in – emanate from, as previously noted, from intellectual properties, proprietary information, and other forms of intellectual, structural, and relationship capital.

So, as company’s value, sources of revenue, and ‘building blocks’ for growth, sustainability, market position, future wealth creation, and competitive advantage are increasingly and inextricably linked to information-based intangible assets, the will and resources necessary to effectively mitigate insider risks-threats should become a routinely visited fixture not just on every CSO’s dashboard, but, every company’s c-suite agenda!

Comments regarding my blog posts are encouraged and respected. Should any reader elect to utilize all or a portion of this post, attribution is expected and always appreciated. While visiting my blog readers are encouraged to browse other topics (posts) which may be relevant to their circumstance. And, I always welcome your inquiry at 314-440-3593 or m.moberly@kpstrat.com

Pre-Employment Screening: An Insider’s Propensity – Receptivity Can Change After Date Of Hire

March 27th, 2012. Published under Analysis and commentary, Insider Theft of IP and Intangible Assets, Insider Threats. 1 Comment.

Michael D. Moberly    March 27, 2012

The findings of numerous well researched studies, most notably those produced by DoD’s Personnel Security Research Center (PERSEREC) and Carnegie-Mellon University’s CERT unit, describe significant and persistent challenges (risks, threats) posed by insiders, primarily employees, to company’s intangible (information, IP) based assets.

The risks ‘insiders’ pose to a company’s intangible assets, i.e., trade secrets, intellectual property, and proprietary know how, reputation, goodwill, etc., are most troubling and challenging too me, because of their persistence, stealthy ingenuity, and non-reaction to conventional (general and/or specific) deterrents.  Therefore, companies should not be too celebratory when a single insider is apprehended and the risk/threat they posed is neutralized or mitigated.  The reason, it’s highly probable numerous other insiders are already engaged in comparable or more detrimental acts which merely have yet to surface.

Both PERSEREC’s and Carnegie-Mellon’s published research on insider risk/threat matters brings much needed clarity and understanding about who, what, how, and the various influences and circumstances which information asset compromises and/or losses occur.  Most importantly too me however, are insights the research sheds on the proverbial and sometimes not-so-obvious why insiders engage in the illegal acts, i.e., their rationale and/or motives.

The research clearly suggests that (a.) the challenges associated with effectively safeguarding the increasing amounts of valuable proprietary information-based intangible assets, e.g., IP,  trade secrets, and know how, etc., and (b.) the losses-compromises attributed to insiders, is on the rise.

However, the insider threat-risk findings revealed by PERSEREC, Carnegie-Mellon, and others, indicate there are three aspects that remain somewhat blurred or perhaps incomplete, i.e., the

  1. precise number of insider executed incidents
  2. actual value of those losses measured in dollars, competitive advantages, reputation, goodwill, etc., and
  3. who the real end user – beneficiary of the information loss and/or compromise is, i.e., a state sponsored entity, an industry/sector competitor, or one of a myriad of legacy free players or brokers.

Some key reasons such revelations are not as clear and/or complete as needed is the:

  • evidence of insider executed threats/risks is largely anecdotal and/or company specific
  • victim companies/organizations are occasionally predisposed to assume the culprit is a foreign national, i.e., an economic or national security adversary
  • instructive evidentiary-investigatory elements of an unknown number of incident(s) are classified because the victim – target is a government agency, thus there is no public report of the incident
  • self (public) admission of a successful insider attack can rapidly diminish a victim company’s reputation, goodwill, image, etc., therefore companies seldom find it in their interest to report such events unless mandated by state/federal law.

Every company – organization today should be vigilant about the risks-threats posed by insiders. The actual level of vigilance that’s necessary today largely lies, in my judgment, in the nine attributes of insiders who engage in ‘IT sabotage’ which Carnegie-Mellon researchers identified.   Vigilance should ultimately be operationalized (translated) into effective practices, policies, and procedures to address, mitigate and/or counter the following:

  1. Access – an insider can target a company from behind its primary defensive wall, i.e., perimeter and may not arouse suspicion…
  2. Knowledge, trust, familiarity – of both a company’s IT system and the targeted assets within that system permits insiders’ to engage in acts of discovery, again, frequently without arousing suspicion…
  3. Privileges – an insider (employee) often can obtain the privileges necessary to conduct their attack…
  4. Skills – insiders can engage in an attack by working within a target’s (company’s existing) domain of expertise…
  5. Risk – insiders tend to be risk averse in preparing for and conducting their attack…
  6. Method – insiders are likely to work alone, but may recruit and/or co-op a trusted colleague for facilitation and/or enabling purposes…
  7. Tactics – the attack tactics applied by an insider are various and can include  (a.) an attack, hit and run, (b.) attack, and eventually run, (c.) attack until caught, and/or (d.) economic/industrial espionage…
  8. Motivation – an insider may engage in an act for (a.) profit, (b.) getting paid to disrupt the target, (c.) provoke change in a/their company and/or target, (d.) blackmail, (e.) subvert/undermine the mission of the target, (f.) a personal motive, or (g.) revenge…
  9. Predictable Processes – the motivation for an attack by an insider can evolve from (a.) a particular, usually adverse, event, (b.) personal sense of discontent, (c.) being ‘planted’ in a company to conduct an attack at some future time, (d.) adversary identifies a target and mission that meets their (or, another parties’) needs…

These nine attributes still give rise to three important questions:

First – with respect to the nine attributes above, can they be extrapolated – are they applicable to the risks/threats presented by insiders to a company’s information assets, in addition to IT system sabotage?

Second – if so, can these attributes be consistently identified and assessed (legally) using existing pre-employment screening – interviewing techniques?

Third – presumably, while each attribute need not be present in every incident, can each attribute be validly translated (converted) into pre-employment screening processes?

What’s at stake for companies when insider threats – risks materialize is substantial financial losses, civil actions, and diminished reputation etc.   Management teams who remain dismissive about their asset protection fiduciary responsibilities and elect to either not put in place safeguards to prevent and/or mitigate insider threats-risks do so at their own peril.

On the other hand, it would again seem useful if CERT’s nine attributes associated with IT sabotage could be validly translated-converted into pre-employment screening practices.  Presumably then, the presence of certain proclivities, propensities, and/or an applicant’s overall receptivity to engage in such adverse acts or policy violations could be revealed in advance.

But perhaps, that’s too much to ask or expect at this point!

While visiting  my blog, you are respectfully encouraged to browse other topics/subjects (left column, below photograph) .  Should you find particular topics of interest or relevant to your circumstance,  I would welcome your inquiry at  314-440-3593 or m.moberly@kpstrat.com

Insider Threats – Risks To Information Assets: The 20-60-20 Rule

March 14th, 2012. Published under Insider Theft of IP and Intangible Assets, Insider Threats. No Comments.

Michael D. Moberly    March 14, 2012

Among information asset protection professionals, there’s an adage or as some refer to it, a ‘rule of thumb’ that remains relevant at least since I initially read about it 25+ years ago. It’s euphemistically referred to as the ’20-60-20 rule’ and many, myself included, believe it constitutes a fairly realistic characterization of the persistent ‘insider threat’.

The following represents my perspective (definition) of the ‘20-60-20’ adage:

One – 20% of the people we work with are inherently honest, and possess consistently high levels of (personal, professional) integrity.  These individuals are not likely to be inclined or receptive to engage in risky, unethical, or dishonest behaviors, acts, or violations of company (information security/protection) policies.  Consequently, they’re much less likely to be the type of individual whom there would be much concern insofar as stealing or misappropriating proprietary information, trade secrets, intellectual property (IP), other information-based intangible assets or become the target of an Economic Espionage Act investigation.

Two – Then, there’s 20% of the people we work with who, for all practical purposes, reside on the opposite end of the spectrum.  For these individuals, when their seemingly thin social-psychological veneer is grazed, it’s likely one would find an inherently dishonest and unethical individual who possesses misguided, or little, if any, sense of professional/personal integrity and particularly loyalty with respect to complying with company policies or government laws/regulations related to protecting proprietary information, trade secrets, or IP.  These individuals, for example, would likely be receptive to and possess the propensity, when certain opportunities or influencers exist, to engage in risky, unethical, and/or illegal acts such as theft or compromise of valuable and mission critical information assets.

An exacerbating and distressing variable to this segment of the people we work with, is the increasing number of instances in which the ‘outer fringes’ of this segment are inclined (self-motivated) to become an initiator of sorts, by engaging in external solicitation-elicitation initiatives to sell or distribute any information assets they have misappropriated or stolen from their employer. Translated, this means they may contact competitors or other (global) economic-competitive advantage adversaries to leak and/or offer for sale their employer’s proprietary information, trade secrets, or IP for personal profit-gain or various other reasons.

Three – Lastly, there’s the 60% of the people we work with who are essentially ’in the middle’, so to speak. These individuals typically do not (overtly) demonstrate any particular receptivity or proclivity, to engage in dishonest, unethical, or illegal acts that would purposefully put their employers proprietary information, trade secrets, or IP at risk.

However, and it’s a big however, the outer fringes of this segment, closest to the 20% characterized in #2 above, are observant!  That is, their future actions and behaviors may be variously dependent on or influenced by their interpretation-assessment of:

  • employer reactions and sanctions imposed on fellow employees who are caught violating company information protection-security policies
  • the degree, level, and consistency of monitoring which their employer engages relative to safeguarding, overseeing, and managing its proprietary information, IP, and trade secrets.

Admittedly, there’s nothing particularly scientific or legally defensible about the 20-60-20 perspective, other than to say it probably evolved from ‘anecdotal guesstimates’. But, the percentages do draw, and properly so, our attention to the persistent challenges presented by ‘insiders’ and the absolute need for effective pre-employment screening.

One approach to addressing the insider challenge attributed to the always forward looking Esther Dyson was when she remarked, ’it’s not about counting the number of copies anymore, rather, it’s about developing relationships with employees and users’ (who can access the proprietary information we endeavor to safeguard).

Perhaps Ms. Dyson is not familiar with the ’20-60-20? adage described here, or fully appreciates the ‘insider’ threat as the persistently problematic issue (risk, threat) it has become in today’s hyper-competitive, predatorial, and winner-take-all global business environment.

But, there is some reality to Ms. Dyson’s remark, at least in terms of ‘people we work with’ and their propensity – receptivity, at some point in their career, not just their first week of employment, but, after undergoing various ‘snap-shots-in-time’ pre-employment screenings, to engage in acts that result in the theft, compromise, misappropriation, and/or infringement of proprietary information, IP, and trade secrets!

While most of my familiarity with ‘insiders’ is a direct result of personal experience, I respectfully attribute much of my current thinking and approaches for addressing this extraordinary challenge to the fine work-research consistently produced by PERSEREC (Personnel Security Research Center, DoD) and Carnegie Mellon’s CERT unit.

Wikileak Phenomena…New Insider Dimensions To Corporate Reputation Risk!

February 16th, 2012. Published under Analysis and commentary, Insider Threats, Reputation risk.. 2 Comments.

Michael D. Moberly    February 16, 2012

I characterize the reactions by companies following last year’s ‘wikileaks’ phenomena, as adding more dimensions to mitigating the mounting inevitability that corporations will experience reputation risk.

 We witnessed those dimensions converge in a layered context to elevate the complexity of managing reputation risk, i.e.,

  1. the reactions – responses by PayPal, Visa, and Mastercard, and servers, etc.,
  2. the aggressive re-actions apparently perpetrated by ‘wikileak’ advocates-proponents in the form of denial of service attacks and various forms of hacking, etc.,
  3. the demeanor/behaviors exhibited by Julian Assange himself (aside from the outstanding criminal warrant awaiting him in Sweden) in terms of whether his (the wikileaks) website and his actions may come to be perceived publicly as that of a mere leaker, a quasi – citizen journalist, a self-styled technology era solicitor, or merely a middle man with an unwise agenda.
  4. announcements by Assanges’ legal counsel and other supporters of a ‘roll out’ of  a (presumed) defense strategy.
  5. the various efforts to deflect, mitigate, and counter the ‘leaks’ about U.S. and foreign government diplomatic (non-public) initiatives
  6.  the global ‘talking heads’ that consistently offered opinions through all forms of media
  7. global open source, transparency, and First Amendment advocates weighing in on the issues
  8. the respective positions of U.S. Departments of State and Defense portraying their reality that classified and embarrassing information has been leaked.
  9. U.S. Attorney General Holder’s public legal strategies presumably intended to deter future instances of leaks.
  10. growing anticipation of what additional, presumably sensitive and/or proprietary information is being held hostage, but presumably awaiting release by Assange that target specific companies.

Both collectively and individually, each of the above dimensions have prompted much warranted discussions in c-suites and board rooms globally, in addition to now necessary research focusing on the inevitability there are many more ‘PFC Mannings’ to come on both the government and the private sectors respectively.  It’s certainly a given, at least in my view, that many of the aforementioned discussions will likely include an array of recommendations for mounting and executing some form of ‘pre-emptive strike’ so to speak, i.e.,

  • screening ring client/customer lists to identify (assess, project) the potential for ‘wikileak’ types of problems to arise
  • severing associations with or creating some manner of probationary ‘watch list’ for customers-clients (stakeholders) that pose a particular ’wikileak’ type of hazard or show no evidence of executing practices (policies and procedures) that demonstrate they recognize its potential criticality
  • new oversight initiatives related to the selection, retention, and/or hosting and payment services to companies that engage in ‘wikileak’ types of acts that are contrary to existing law prescribed ethics.

It is certainly not a stretch, as I’m confident most, if not all of my colleagues would agree, that we will witness numerous companies that have already engaged in some variant of a ’pre-emptive’ strike as conveyed above.  Experience suggests, such pre-emptive strikes, if I can call them that, will most likely occur in the form of (private sector) policy changes intended to forestall as well as mitigate what may well be the initial salvo to try to counter this added dimension to, what has been up to this point, more conventional reputation risks.

Unfortunately though, what some companies may overlook or leave out of their ’reputation risk management equation’ is that engaging in ‘feel good’ pre-emptive strikes are generally irreversible.  That is, they ultimately do more strategic harm and present more reputational challenges than a poorly construed equation allows decision makers to recognize and consider.

The bottom line is, as most successful business decision makers understand, is that a company’s reputation, while being a generally valuable intangible asset, can be quite fragile.  Once compromised or attacked, unless the company’s reputation-goodwill bank is brimming full in advance, even partial economic – competitive advantage recovery will be a very costly and time consuming endeavor.

For some time, in both the private and government sectors, there have been significant initiatives underway to integrate information technologies to make relevant information accessible up and down a company’s supply chain and onto the battlefield using techniques which are often, in my view, much tweaked approaches to ‘knowledge management’.

The well intentioned premise of knowledge management, of course, and its 2012 variants, lies in the notion that more people (employees across functional-operational lines) need and should have access to certain information as a tool to aid various decision making processes, i.e., speed up the resolution of a problem, create efficiencies, etc.

In today’s global ‘information asset sharing business environment’, it should come as no surprise then that some PFC Manning’s of the future, may actually feel compelled to leak sensitive information or do so merely because they had the capability at their fingertips.  Engaging in downloading and/or copying of classified information however, and making it available to Wikileaks, which we must recognize is merely one of a growing number of ready and willing global outlets, which when confronted, may well lay claim to a (citizen) journalistic orientation that flows from their ‘first amendment’ rights.

Much research, personal experience, and countless anecdotes from colleagues leaves us with the very strong impression that there are literally thousands of PFC Manning’s who have the wherewithal and receptivity, if not a penchant, to become an ‘insider’.  An insider is a term which we in the information asset protection and security arena refer to as a conniving and feisty lot who consistently pose challenges to all sectors insofar as leaking sensitive information. 

Insiders come wrapped in many different motives which collectively form their sometimes distinctive rationale for doing what they do; steal, disseminate, and/or sell proprietary or classified information to those who have no legitimate (authorized) right to see, much less read that information and then knowingly disseminate it to entities that will make it available in an open source context.  In the private sector such acts may fall into categories of misappropriation or infringement.  In the government classified arena it’s likely to be called espionage!

When insiders are successful, as it appears PFC Manning was, not once, but perhaps multiple times, the product of their misdeed can, and often does wreak havoc with its target(s) which as we’ve already noted carries many new dimensions.  Those dimensions are especially critical in the increasingly inter-connected environment of business and government.

 Being reasonably well versed regarding ‘insider threats’ and some of the research which PFC Manning’s illegal behavior has spawned, again suggests he’s certainly not the proverbial ‘lone wolf’.

As for government victims, returning to a state of diplomatic normalcy following such a massive leak will be neither easy nor swift.  On the other hand, when such circumstances occur in the private sector, something which I’m more familiar, there are many financial, personal, and professional ‘fences that require mending’, some of which remain irreversibly broken which impacts a company’s bottom line very quickly.

What’s new and clear relative to the Manning – Assange incident is that there’s no precedent for the shear mass of data and information that was taken and disseminated aside from perhaps, the ‘Pentagon Papers’, a 1960’s event which few,  if any ‘mannings’ even know about let alone try to emulate. 

But that doesn’t discount, nor does it explain away the reality that many foresaw something of this nature and on this scale was inevitable!

The work of insiders, while it may not be the world’s oldest profession, it certainly does, in my view, rank in the top five.  And, to add insult to injury, stealth in this instance, was apparently merely a single PFC’s rouse of downloading ‘Lady Ga Ga’ music but, from a remote government computer with access to classified information.  I still have a hard time believing this was the act of a single PFC who acted alone.  I’m not suggesting this event should rise to the same level of debate whether Lee Harvey Oswald acted alone.

However one perceives the Manning’s of the world, in my view, it represents somewhat of a new breed of insider (threat, risk).  One that is more calculating, in some respects more stealthy, and whose acts can potentially cause more irreversible, costly, and immediate damage-harm and embarrassment to a company or organization than their predecessors who were largely confined or limited to stealing only ‘hard copies’ that they could put in the proverbial shoe box and carry out of a building under their overcoat.  Not unlike the former Detroit auto executive who literally put paper copies of ‘plans, intentions, and capabilities’ of his former employer to take to his new European automaker employer as somewhat of an arrogant, yet very strategic ’housewarming gift’.

Let me be clear though, this is not so much about the insider threat posed by the ’Wen Ho Lee’s who was originally charged, circumstantially at least, with compromising classified materials belonging to a U.S. national laboratory and giving them to an adversary.  The Manning event certainly has relevancy to the classified arena in terms of the types of assets now being targeted by an ever growing number of economic, competitive advantage, and military adversaries.  It is also a ‘wakeup call’ to the millions of small and mid-size companies that have developed unique and valuable sets of intangible assets that literally deliver (underlie) those company’s value, sources of revenue, competitive advantages, market position, and growth potential.

When an SME experiences a theft, misappropriation, or compromise by a trusted insider of one or more of its key revenue producing intangible assets, while the consequences are certainly not equivalent or comparable to national security breaches, their impact to that SME, in terms of lost revenue, undermined competitive advantages, lost market position, etc., can be, and often is, devastating and irreversible. 

So, as this construct, which I call ‘the new insider’ emerges, studies and research conducted by DoD’s Personnel Security Research Center and Carnegie Mellon University’s CERT unit provides important and timely credence and relevance.

A particular PERSEREC study appropriately titled ‘Technological, Social, and Economic Trends That Are Increasing U.S. Vulnerability to Insider Espionage’ was a significant factor in influencing how I am framing ’the new insider’ and the risks-threats they pose.  This particular study characterizes the ‘insider threat’ in a very compelling and rational global context.  It describes some very ominous challenges governments and corporations alike face, relative to trying to deter, prevent, combat, or mitigate, however one wishes to portray it, insider risks and threats. The four key one’s (described in this PERSEREC study) are conveyed below:

  1. Fewer employees today, and presumably in the future, are (will be) deterred by a conventional sense of employer loyalty.  In other words, they have a tendency (proclivity) to view theft of information assets to be morally justifiable if sharing those assets, they believe, will benefit the world community or prevent armed conflict…
  2. There is a greater inclination for employees who are – will be engaged in multinational trade-transactions to regard unauthorized transfer of information assets or technologies as a business matter, rather than an act of betrayal or treason…
  3. The value of – market for protected information assets, presumably regardless if it is a company’s proprietary information or trade secrets or a government agency’s classified information, has elevated as those so inclined, i.e., insiders, recognize it can be sold for a profit to an ever widening range of receptive global entities…
  4. Companies are at greater risk for experiencing insider theft of information assets than previously because there is no single countervailing trend to make it more difficult or less likely to occur…

So, designing effective practices-techniques to mitigate, counter, and ultimately defend against the insider threat, whether it be a ‘PFC Manning’ or far more technologically sophisticated and global players, should, above all, not be based solely on or unduly prejudiced by :

  • past events
  • anecdotal (internal, external) snap shots in time, or
  • generalized assumptions about one’s ethnic allegiance.

Rather, a company’s defenses to the insider threat should be well grounded in current and applied research and findings of highly specialized research as noted above.

Let it suffice to say, insider (threat, risk) challenges, left unchecked, or poorly addressed, can produce wide ranging and cascading affects that can instantaneously ripple throughout a company or government agency or department.  Let it be understood though, such risks-threats are unlikely to miraculously recede or fade away through attrition, terminations, or resignations.  Rather they require execution of practices that duly reflects the current, as well as future global business environment and can rapidly adjust to forward looking research.  But perhaps most importantly, it should not merely plug yesterday’s leaks!