The Verizon RISK Team recently released an analysis gleaned from the 2012 Data Breach Investigation Report that looks at the ongoing issue of insider threats and intellectual property theft [PDF]. According to data highlighted in the report, 46% of all breach events which culminated in the loss of proprietary data involved an employee.
The report notes that most data breaches are crimes of opportunity, but this is not the case with intellectual property (IP) theft. IP theft tends to be targeted in nature which changes how these breaches are carried out. Most IP theft tends to have a specific purpose behind it vs opportunistic theft that often goes for the quick cash out. For insiders, this insight was shared:
“Insider threats are motivated by self-interest and influenced by personal preferences, social context and local culture. As Prospect Theory predicts, trusted insiders are hungry for the possibility of personal gain by stealing IP. Like any other crime, a person needs a combination of means, opportunity, and intent in order to steal intellectual property,” said Danny Lieberman, CTO of Software Associates, a software security consultancy based in Israel.
Interestingly, both outsiders and insiders are often involved in the breach of IP, indicating a great deal of collusion in these crimes. The report looks at the threat agents used to gain access to the IP, the type of assets compromised, the timeline from attack to discovery and containment as well as some great insights. A very insightful document for organizations across industry lines.