Here's a disturbing story that should worry every security leader: A few months ago, Proofpoint, a leading vendor of data loss prevention software, filed a lawsuit against a former employee for stealing confidential sales-enablement data prior to leaving for Abnormal Security, a market rival. The heist wasn't sophisticated; the employee just walked out the door with the high-value documents on an unauthorized USB device. And the kicker? Proofpoint didn't catch the IP theft until months after the damage was already done.
This is just the latest case of a company that specializes in preventing data loss suffering embarrassingly public intellectual property (IP) theft. And it's a great warning for everyone reading this: The insider risk of IP theft is very real, it's very dangerous, and most companies aren't prepared to stop it.
Insider IP Theft Surging Amid the Great Resignation
Departing employees have always been a data security risk. Simply put: When people leave jobs, they take data and files with them. They take things that can help them land or succeed in their next gig — things such as source code, customer lists, and other trade secrets. A 2020 survey showed that more than two-thirds of workers say they've taken data to a new job more than once.
But the departing employee risk has exploded amid the so-called "Great Resignation" that Microsoft says has 41% of the global workforce (and 54% of Gen Z) ready to leave their jobs in the next year.
Taking IP Has Never Been Easier
The other part of the problem is that data has never been more portable — so taking it has never been easier. Employees can easily store hundreds of gigabytes on their mobile devices, send company documents to their personal Gmail account, or quickly transfer data to personal cloud storage services like Dropbox. It's little surprise that a recent report noted that corporate litigation involving trade secret theft has shot up 400% over the last decade. And the widespread shift to remote and decentralized work — the "Great Disruption" — has dramatically amplified the data portability challenge. As workers increasingly connect remotely and conduct their everyday work and collaboration through cloud apps, a 2021 study found that employees are now 85% more likely to lose or leak data than they were pre-pandemic.
This Is a Solvable Problem
Some of this is unavoidable: Employees are going to leave your company — and they're going to try to take data. But insider IP theft isn't unavoidable. The problem is that conventional data protection tools like data loss prevention (DLP) can't keep up. They weren't designed for today's fast-paced, cloud-powered, on-and-off-network work cultures. Their rigid policies are always lagging behind what users are actually doing. And the blocking approach is a business inhibitor. Old tools like DLP just don't work anymore. Full. Stop.
Here's what even the "leaders" in DLP are missing in their insider risk and data protection strategies:
1) Comprehensive visibility: If your data security tools limit visibility to what you tell them to look for, your blind spots are growing every day. Companies need to be able to see all data activity — on endpoints, on and off the network, and in the growing range of authorized and unauthorized cloud apps.
2) Focused view on the biggest risks: One-size-fits-all data security policies don't make sense. You know who your biggest risks are. You should have tools in place that make it easy to focus on high-risk groups like departing employees. And don't forget about new employees — you also need to make sure that the new guy isn't infiltrating IP from a competitor and putting your company at legal risk.
3) Context to drive fast, effective response: Insider risk isn't black and white. Context and nuance are the difference between "critical productivity you better not block" and "critical risk you better stop." To react quickly and effectively, you need to be able to immediately see this context — the who, what and how of an incident, down to the ability to view the exact files in question.
Put these three capabilities together, and you've got a forward-thinking approach that aligns with another major trend in today's business world: the notion of risk tolerance. Just about every organization now recognizes the need to tolerate a certain level of insider risk in the name of speed, agility, and innovation. But you can't tolerate risk unless you can see it first — and you can't draw the line on risk tolerance unless you have the tools to respond effectively when risk crosses that line.
About the Author
Mark Wojtasiak is co-author of the book Inside Jobs: Why Insider Risk is the Biggest Cyber Threat You Can't Ignore, vice president of portfolio marketing for Code42, and a frequent cybersecurity blog contributor. In his role at Code42, he leads the market research, competitive intelligence, and product marketing teams. Mark joined Code42, a leader in insider risk detection and response, in 2016, bringing more than 20 years of B2B data storage, cloud, and data security experience with him, including several roles in marketing and product management at Seagate.