Sensitive Data and Infiltration Risk
The Great Resignation picked up steam in 2021. According to the U.S. Bureau of Labor and Statistics over 32.7 million workers voluntarily quit their jobs in 2021, an increase of over 30% from 2020 and 2019. Total separations, which include layoffs and terminations, decreased by 14%. Organizations are struggling to retain top talent and job openings continue to outpace qualified personnel.
So, what does this mean for insider risk? When people leave their jobs, they are often tempted to take sensitive information with them. Our 2022 Insider Threat Report showed that 56% of organizations assessed had sustained potential data theft because of employees leaving or joining the company.
This can include customer lists, product plans, source code, and financial projections.
Did you notice the detail in that last sentence? “…employees leaving or joining the company.” We often think about the risk of data exfiltration. But allowing new employees to bring misappropriated confidential information and trade secrets into your organization creates infiltration risk. Here are a few recent examples:
- In 2022, Cartier sued Tiffany & Co. for allegedly misappropriating competitive information when Tiffany hired two former Cartier employees to work on its high jewelry line. The suit alleges the employees downloaded confidential information on Cartier’s line and passed it to employees at Tiffany.
- In 2019, a Chicago jury ordered Clearwater Analytics to pay SS&C Technologies $16 million in compensatory damages and $28 million in punitive damages for using “client lists, sales reports, marketing materials, proposals and client contract information” brought to Clearwater by a former SS&C employee. The former employee was ordered to pay only $1.
- In 2022, Uber Technologies was ordered to pay Alphabet Inc. a “substantial portion” of $120 million to settle a claim that Uber recruited a top engineer in the organization’s self-driving car program. That engineer downloaded 14,000 files from Alphabet’s servers just before he resigned.
- Chinese telecommunications company Hytera Communications was indicted for conspiring with former Motorola Solutions employees to steal digital mobile radio (DMR) technology from Motorola. If found guilty, Hytera faces a “criminal fine of three times the value of the stolen trade secret to the company, including expenses for research, design, and other costs that it avoided.”
In a job market, where good employees are in high demand, job hopping is not uncommon. We all know to watch for “indicators of malicious intent” for existing employees. These people already have authorized access to corporate systems, know where the crown jewels are stored, and plenty of opportunity (particularly in a Work-from-Anywhere world). For common users, downloading abnormal amounts of sensitive information or excessive encryption activity should raise flags. For Super Malicious Users, we need other tactics.
We need to be just as diligent with new employees. If someone is loading hundreds of megabytes of data into your source repository during their first few weeks on the job—take notice. If they are adding hundreds of contacts to Salesforce.com—ask questions.