Michael D. Moberly September 19, 2008
Studies and experiential evidence continue to mount insofar as identifying new twists, nuances, and motives regarding insiders’ inclination to engage in theft, misappropriation, leakage, and/or compromise their employer’s proprietary information, know how, intellectual property, and/or trade secrets which, when it occurs, will, with increasing certainty, have costly and often times irreversible consequences.
In my judgment, companies are now obliged, perhaps more than ever before, to literally re-think those elements of their (enterprise-wide) information security policies that address risks – threats posed by insiders that unfortunately, and all-too-frequently, begin and end shortly after an employee is hired. Companies are further obliged to recognize that periodic (post hiring) monitoring of employees, not solely focused on their IT – computer (system) usage and/or access, but also include their psychological – behavioral (a.) propensity, (b.) proclivity, and/or (c.) receptivity to engage in adverse acts and/or policy violations that expose a company’s extraordinarily valuable and revenue producing information-intangible assets to compromise, theft, misappropriation, or infringement, etc. Of course, any such initiatives must be (d.) respectful, (e.) legally defensible, and (f.) culturally compatible with the increasingly diverse work force which is the norm for globally operating companies.
The importance of addressing the risks – threats presented by insiders is elevated, again, in my judgment, due to the economic fact – business reality that today, increasing percentages, as much as 75+%, of most company’s value, sources of revenue, and future wealth creation lie in – are directly linked to intangible assets, that is, its IP, proprietary information and know how, etc., each of which are knowledge based, originated, and built.
As a company’s (g.) profitability, (h.) sustainability, (i.) global market position, and (j.) future wealth creation are increasingly and inextricably linked to those information (intangible) assets, the will and resources necessary to appropriately and effectively address the significant and persistent challenges presented by insiders should become a routinely visited – monitored fixture on every security managers’ dashboard and every company’s c-suite agenda!