Michael D. Moberly December 18, 2009
The ‘insider threat’ to information-based intangible assets, proprietary competitive advantages, and intellectual property represent persistent, global, nuanced, and frequently costly challenges to company’s.
In light of the economic fact that 65+% of most company’s value, sources of revenue, and foundations for future wealth creation and sustainability lie in – are directly related to intangible assets, those company’s dependant upon (their) intangibles and routinely find them in play as important elements to business growth and/or business transactions, would be well advised to keep abreast of current (insider threat) research with an ‘eye’ for fine tuning and/or updating (their) best practice defenses.
No ‘war stories’ here because I believe most management teams, boards, and investors are generally familiar with the fiduciary importance/relevance of intangibles. But let it suffice to say, insider (threat) challenges, left unchecked, or poorly addressed, go to the very heart of a company’s value and sources of revenue. Such risks are unlikely to miraculously recede or fade away through attrition, terminations, or resignations, etc., absent the execution of best practices that thoroughly reflects and can adjust to current and forward looking research, e.g., (a.) how the insider threat evolves, (b.) who the ‘insider’ is, and (c.) the various motives.
Research findings of this caliber that provide both a ‘big picture’ as well as practical and relevant insights ‘into insiders’ are regularly produced by two institutions that represent assemblages of genuine subject matter experts, i.e., Carnegie Mellon’s CyLab and DoD’s Personnel Security Research center (PERSEREC).
Both PERSEREC and Carnegie Mellon’s definition of ‘insider theft of IP’ share commonalities which I have converged as ‘crimes in which current or former employees, contractors, or business partners intentionally exceeded or misused an authorized level of access to networks, systems, or data to steal confidential or proprietary information from an organization and variously use it in three primary ways, (a.) get another job, (b.) help a new employer, (c.) or promote their own ‘side’ business.
A central theme underlying (perhaps embedded in) each motive however is the insiders’ desire to leverage their illegal deed to achieve some form of ‘personal financial gain’.
Designing effective practices-techniques to mitigate, counter, and ultimately defend against the insider threat should, above all, not be based solely on or unduly prejudiced by (a.) past practice, (b.) anecdotle (internal, external) snap shots, or (c.) generalized assumptions about ethnic allegiance. Rather ‘defenses’ to the broad and complex phenomena of insider threats should be well grounded in the relevant, current, and applied research and findings of specialist research teams ala the CyLab, PERSEREC or other institutions.