Although the bulk of our work comes from attorneys and businesses we’ve worked with numerous times over the years, we obviously still get new clients that come our way either via referral or from locating us online. Regardless, a pretty common denominator with our new clients is that they were blindsided by the theft of their company’s private information and only realized it after the proverbial horse had left the barn. Sure, we assist those that are not prepared when someone steals their intellectual property, but I feel we’d be remiss if we didn’t try to help them get in front of such a scenario going forward if it were to happen again, and barring any internal change, it likely will.
I speak on this to groups all the time, largely about how we’ve all been trying for so long to strengthen the walls to prevent the bad guys from getting in that we fail to recognize the weakness inherent with those that are already within the walls: the so-called insider threats. I say “so-called” because while that is indeed an apt description, I hesitate to use the phrase without some sort of qualifiers or further discussion. To that end, there are different types. In short, there’s the malicious (intentional stealing of data), which is what we mostly assist with, the accidental (whoops, I lost my laptop), and the negligent (I know I should be more careful, but oh well).
I tell folks that the first step in helping to mitigate this wrongdoing (intentional or accidental) is in creating a culture where people first understand the value of the data they interact with and second have a clear understanding of what is right and wrong when it comes to what is done with a company’s trade secrets.
One of the findings of the recent Defending Against the Wrong Enemy: 2017 SANS Insider Threat Survey is that “Despite recognition of insiders as a common and vulnerable point of attack, fewer than 20% of respondents reported having a formal incident response plan that deals with insider threat.”
So while more organizations are starting to understand the importance of exploring the soft underbelly of their business when it comes to exposure, they don’t know what to do with it. What’s more, 62% of the respondents said they had not experienced an insider attack, yet 38% admitted that their detection and prevention capabilities were not effective! This alarming fact makes it clear that a much higher number of insider attacks/exposures have occurred and gone blindly undetected.