As technology becomes more sophisticated, so do the threats to our data and privacy. A recent survey of 150 Inc. 5000 companies revealed that 53 percent of respondents said they feel more confident about the security of their company's data now compared to five years ago. Though the renewed confidence amongst organizations is a welcome surprise, cyber threats continue to be an ever-evolving hazard. Not only are cyber criminals becoming more nimble in their efforts, but cybercrime can also often happen much closer to home base.
Whether it be intentional or not, data loss by employees is quickly becoming one of the biggest threats to an organization's security. As part of the most recent version of the Cost of Insider Threats: Global Report conducted by Ponemon Institute on behalf of IBM, 964 IT and IT security practitioners were interviewed at 204 organizations around North America, Europe, Middle East and Africa, and Asia-Pacific. The findings are alarming. Each organization experienced one or more data-compromise events caused by employees, and saw a total of 4,716 events over 12 months.
These stats cannot be attributed to improving hacker intelligence alone. Employees are also to blame, and you may be surprised to find out where these employees sit on corporate organizational charts. How can organizations better identify and prevent data loss induced by employees? We have a few important tips for you to consider.
The Most Common Employee-Related Data Threats:
In order to prepare for and prevent future scenarios of data loss caused by employees, we must first review the most common threat scenarios:
- Malicious or criminal intent: Employees know the inner workings of the organization they work for better than outsiders (most of the time). As a result, an employee who intends to expose data can obtain it more easily.
- Credential theft: Similar to the above statement, employees often have or know where to find credentials for important organizational accounts. If shared intentionally, these credentials can grant bad actors access to sensitive data.
- Negligence: In most cases, employees do not intend to cause damage to employers and their clientele. A lack of foresight or knowledge in how to handle suspicious material can result in unexpected cybersecurity events.
It is not only what is visible on the surface that is concerning; what is not apparent is just as worrisome. Because many organizations and their IT leaders do not expect employee data sabotage, they may be facing data-loss situations right now without knowing it. IT leaders must consider company personnel when identifying data loss incidents in the workplace.
Where Does Employee Confidence Stand?
Most IT sector professionals are confident in their organizations' ability to tackle day-to-day cybersecurity threats.
You may be surprised to know that C-suite executives are the ones least likely to comply with the company's cybersecurity policy. According to SecurityScorecard, "most executives are pros when it comes to financial risk management, they don't always understand cyber risk. One of the most common misconceptions is that cybersecurity and risk management is a technology problem. But that isn't the case -- cybersecurity is as much a business problem as financial risk is."
How to Better Prepare Your Team for Threat Detection:
When looking to identify and prepare for cybersecurity threats, one of the biggest challenges facing organizations is being under-resourced. Besides listening to employee concerns more thoroughly through surveys and meetings, other recommendations that organizations can use include:
- Forming a specific security operations center for 24/7 monitoring.
- Creating a smart detection strategy using network traffic analysis and anti-malware technology.
- Emphasizing ongoing security training for all employees, including the latest external cybersecurity threats and internal security guidelines for accessing and granting access to data.
- Prioritizing security in the company's tech budget.
What Else is Affected?
When cybersecurity threats break through your organization's lines of defense, it is not just your internal teams that are affected; risk also lies in the following areas and beyond:
- Loss of customer or supplier trust
- Being fined by a regulatory authority
Trade Secrets for Personal Gain - General Electric is Hit by Intentional Employee Data Theft:
Jean Patrice Delia, a now-disgraced former employee of General Electric (GE), thought he could fly under the radar, downloading thousands of proprietary files, including company trade secrets. His end goal? Start his own company to compete against his then-current employer, GE. Along with his co-worker, Miguel Sernas, Delia stole elements of computer programs and mathematical models that GE used to calibrate turbines in power plants. Delia also convinced another co-worker in the IT department to grant him access to files he had no business seeing. These files revealed a wealth of information on previous proposals and cost models that GE used to bid on new projects.
In total, Delia and Sernas amassed over 8,000 corporate files.
How did GE catch on to the scheme? In May 2012, they were surprised to see an unknown competitor bidding to service a large power plant in Saudi Arabia. The bid was extremely low, though it was very close to GE's usual base cost for doing the work. Research into this "unknown competitor" revealed that it was a company incorporated in Canada by Jean Patrice Delia.
After over seven years of investigation by the FBI, in close consultation with GE, it was determined that Delia, with the help of Sernas, sent the stolen calculations over email and uploaded them to cloud storage accounts. In 2020, the malicious employees were criminally charged and sentenced to prison time and a $1.4 million restitution payment to General Electric.
You can read more about the General Electric case by visiting the FBI webpage.
The Final Word...
Prevention and identification will be important components of an organization's response to a potential cybersecurity threat, including those related to employees. If prevention fails, quick identification is key. Remember to consider all angles, and yes, that includes your own personnel, no matter how much you trust them.