SlideShare ist ein Scribd-Unternehmen logo

Threat From The Inside, Fti Journal

A
Albert Kassis

Media and Analyst CoverageThe Threat from Inside - The Risks of IP Theft FTI Journal - March 2012 Companies face serious risks from employee intellectual property theft. To protect themselves, they need strong onboarding and exiting policies, plus computer forensics expertise. James Scarazzo Director, FTI Technology Jason Ray Director, FTI Technology

1 von 3
Downloaden Sie, um offline zu lesen
issue 7 T h e T h r eat f ro m I n si d e technology Companies face serious risks from employee intellectual property theft. To protect themselves, they need strong onboarding and exiting policies, plus computer forensics expertise. A cross the globe, cyber attacks had experienced internal theft of James Scarazzo from outside the company intellectual property. Fearful of losing Director, FTI Technol- get enormous attention. But their jobs, some employees become ogy, FTI Consulting jim.scarazzo much less attention is directed toward desperate, and one way of protecting @fticonsulting.com an equally perilous — and possibly themselves is to walk off with more daunting — threat: employees information that would be valuable to a Jason Ray Director, FTI Technol- travis rathbone for fti journal absconding with intellectual property competitor — for example, lists of top ogy, FTI Consulting and other confidential information. customers, pricing schedules, strategy jason.ray Since the economic downturn, documents or computer code. @fticonsulting.com cases of intellectual property theft Helping oneself to company by employees have been increasing information is getting easier. Whereas significantly. A recent study by the U.S. pilfering information once meant Federal Bureau of Investigation found photocopying it and sneaking it out, that 44% of companies it studied today more than 80% of a company’s FTICONSULTING.COM #15
fti files technology competing business with confidential client information. They shared their plans through text messages on company-owned smartphones. No company is immune to these attacks. Because so much company information is used legitimately outside the office, it is practically impossible to information is stored electronically. set meaningful alarms. But companies Some 75% is never printed. As can better protect themselves. employees bring their own mobile Management teams should tighten devices to work and make use of employee onboarding and exiting “the cloud” to store and exchange processes, and put proper forensic information, it can leave the company’s computer procedures in place. control in seconds. Employee intellectual property Onboarding and Exiting theft is difficult to detect. A company’s When companies bring on new workers have legitimate access to employees, the process should proprietary information as part of thoroughly cover company policies on their work. For example, few would intellectual property and confidentiality. question a sales representative’s Ideally, these policies would be copying contact lists, presentations or included in employment contracts and other material for easy access outside confidentiality agreements. Continually the office. Thus, employee theft of articulating these policies is crucial. intellectual property often flies below It makes the company position clear Because so the radar. Here are two examples of and supports legal actions in which much company FTI Consulting projects: employees claim policies were vague. information is The employee exit process is also used legitimately An industrial equipment an effective point for heightened outside the office, manufacturer discovered information scrutiny. Although it is not practical it is practically theft only after its suspicions were to conduct forensic computer impossible to set aroused by the resignation of the investigations with every employee sales vice president and several direct departure, management should meaningful alarms. reports all on the same day. They had identify key positions with potential formed another business and were risk. These could include sales using sales contacts, pricing models representatives, whose contact lists and other information to build it. often contain customer data that is Members of a financial services protected by privacy laws, but also any firm were conspiring to set up a employees with access to proprietary #16
issue 7 The views expressed in this article are those of the authors and not necessarily those of FTI Consulting, Inc., or its other professionals. or confidential information that they and having reliable evidence allow might use after leaving. management and legal teams to decide early what steps they can Make Sure Information and should take. For example, the Works as Evidence company could file for a temporary When companies suspect employee restraining order, pursue court orders intellectual property theft, they often to examine personal computers, or move hastily: IT or HR is contacted simply contact the employee’s new and the staff springs into action by employer and inform the company of opening files and saving information what has occurred. It is also valuable onto CDs or portable devices. On to tightly integrate computer forensic the surface it may appear that the activity with other forensic processes evidence has been obtained. But in in the company, such as accounting. actuality, all the company has is data. Evidence of fraud or other misconduct Opening, printing That probably isn’t usable as evidence. is likely to be found in computer files and saving files Evidentiary standards require and electronic communications. Early, can permanently detailed chronological documentation coordinated and immediate action may change metadata of everything that happened to the be necessary to discover evidence and that records who did data. Opening, printing and saving files prevent its destruction. what to the file can permanently change metadata that In times of economic distress, the and when. records who did what to the file and incidence of employee intellectual when. Just booting up a computer can property theft by employees can overwrite items such as caches and jump. Although such theft is difficult temporary files. Combined with altered to detect, companies can take steps metadata, these changes can make it to protect themselves and make difficult to prove what the employee strong defensive moves when theft is actually did. suspected. Sometimes computer experts can restore damaged evidence, but just as often they can’t. The process can be costly and take valuable time. To avoid the fire drill, management should be certain that proper computer forensic skills and processes are in place. Move Quickly to Action Stolen intellectual property can improve with age — the people who have taken it have more time to use it. Quickly understanding the facts FTICONSULTING.COM #17

Empfohlen

Securité : Le rapport 2Q de la X-Force
Securité : Le rapport 2Q de la X-ForceSecurité : Le rapport 2Q de la X-Force
Securité : Le rapport 2Q de la X-ForcePatrick Bouillaud
 
1 s2.0-s0167404801002097-main
1 s2.0-s0167404801002097-main1 s2.0-s0167404801002097-main
1 s2.0-s0167404801002097-mainCaio Sanchez Christino
 
Closing the gaps in enterprise data security: A model for 360 degrees protection
Closing the gaps in enterprise data security: A model for 360 degrees protectionClosing the gaps in enterprise data security: A model for 360 degrees protection
Closing the gaps in enterprise data security: A model for 360 degrees protectionFindWhitePapers
 
CMIT 425 RISK ASSESSMENT PAPER
CMIT 425 RISK ASSESSMENT PAPERCMIT 425 RISK ASSESSMENT PAPER
CMIT 425 RISK ASSESSMENT PAPERHamesKellor
 
Print - Overlooked piece of the security puzzle whitepaper - DRAFT
Print - Overlooked piece of the security puzzle whitepaper - DRAFTPrint - Overlooked piece of the security puzzle whitepaper - DRAFT
Print - Overlooked piece of the security puzzle whitepaper - DRAFTGerry Skipwith
 
Sept 2012 data security & cyber liability
Sept 2012 data security & cyber liabilitySept 2012 data security & cyber liability
Sept 2012 data security & cyber liabilityDFickett
 
Norman Broadbent Cybersecurity Report - How should boards respond
Norman Broadbent Cybersecurity Report - How should boards respondNorman Broadbent Cybersecurity Report - How should boards respond
Norman Broadbent Cybersecurity Report - How should boards respondLydia Shepherd
 
Ten Security Essentials for CIOs
Ten Security Essentials for CIOsTen Security Essentials for CIOs
Ten Security Essentials for CIOsIBM Security
 

Empfohlen

Securité : Le rapport 2Q de la X-Force
Securité : Le rapport 2Q de la X-ForceSecurité : Le rapport 2Q de la X-Force
Securité : Le rapport 2Q de la X-ForcePatrick Bouillaud
 
1 s2.0-s0167404801002097-main
1 s2.0-s0167404801002097-main1 s2.0-s0167404801002097-main
1 s2.0-s0167404801002097-mainCaio Sanchez Christino
 
Closing the gaps in enterprise data security: A model for 360 degrees protection
Closing the gaps in enterprise data security: A model for 360 degrees protectionClosing the gaps in enterprise data security: A model for 360 degrees protection
Closing the gaps in enterprise data security: A model for 360 degrees protectionFindWhitePapers
 
CMIT 425 RISK ASSESSMENT PAPER
CMIT 425 RISK ASSESSMENT PAPERCMIT 425 RISK ASSESSMENT PAPER
CMIT 425 RISK ASSESSMENT PAPERHamesKellor
 
Print - Overlooked piece of the security puzzle whitepaper - DRAFT
Print - Overlooked piece of the security puzzle whitepaper - DRAFTPrint - Overlooked piece of the security puzzle whitepaper - DRAFT
Print - Overlooked piece of the security puzzle whitepaper - DRAFTGerry Skipwith
 
Sept 2012 data security & cyber liability
Sept 2012 data security & cyber liabilitySept 2012 data security & cyber liability
Sept 2012 data security & cyber liabilityDFickett
 
Norman Broadbent Cybersecurity Report - How should boards respond
Norman Broadbent Cybersecurity Report - How should boards respondNorman Broadbent Cybersecurity Report - How should boards respond
Norman Broadbent Cybersecurity Report - How should boards respondLydia Shepherd
 
Ten Security Essentials for CIOs
Ten Security Essentials for CIOsTen Security Essentials for CIOs
Ten Security Essentials for CIOsIBM Security
 
Where security and privacy meet partnering tips for CSOs and privacy/complian...
Where security and privacy meet partnering tips for CSOs and privacy/complian...Where security and privacy meet partnering tips for CSOs and privacy/complian...
Where security and privacy meet partnering tips for CSOs and privacy/complian...Compliancy Group
 
Cyberoam: il futuro della network security!
Cyberoam: il futuro della network security!Cyberoam: il futuro della network security!
Cyberoam: il futuro della network security!Team Sistemi
 
Cosac 2013 Legal Aspects of Byod
Cosac 2013 Legal Aspects of ByodCosac 2013 Legal Aspects of Byod
Cosac 2013 Legal Aspects of ByodTAL Global - International Security and Counter-Terrorism Consultancy
 
Buyers Guide to Endpoint Protection Platforms
Buyers Guide to Endpoint Protection PlatformsBuyers Guide to Endpoint Protection Platforms
Buyers Guide to Endpoint Protection PlatformsFindWhitePapers
 
Halvorsen on Risk Cyber Webinar
Halvorsen on Risk Cyber WebinarHalvorsen on Risk Cyber Webinar
Halvorsen on Risk Cyber WebinarHalvorsen on Risk
 
10 Legal Challenges in Creating a BYOD Policy - Lou Milrad
10 Legal Challenges in Creating a BYOD Policy - Lou Milrad10 Legal Challenges in Creating a BYOD Policy - Lou Milrad
10 Legal Challenges in Creating a BYOD Policy - Lou MilradLou Milrad
 
Is your data at risk? Why physical security is insufficient for laptop computers
Is your data at risk? Why physical security is insufficient for laptop computersIs your data at risk? Why physical security is insufficient for laptop computers
Is your data at risk? Why physical security is insufficient for laptop computersFindWhitePapers
 
Lotusphere 2012: Learning the Ways of the Social Dragon
Lotusphere 2012: Learning the Ways of the Social DragonLotusphere 2012: Learning the Ways of the Social Dragon
Lotusphere 2012: Learning the Ways of the Social DragonKathy (Kat) Mandelstein
 
Jennings it security overview 1 2
Jennings it security overview 1 2Jennings it security overview 1 2
Jennings it security overview 1 2Donald Jennings
 
Mark Lanterman - The Risk Report October 2015
Mark Lanterman - The Risk Report October 2015Mark Lanterman - The Risk Report October 2015
Mark Lanterman - The Risk Report October 2015Mark Lanterman
 
Cyber Risk for Construction Industry
Cyber Risk for Construction Industry Cyber Risk for Construction Industry
Cyber Risk for Construction Industry BrianHuntMSFCPACRISC
 
Electronic data & record management
Electronic data & record managementElectronic data & record management
Electronic data & record managementGreenLeafInst
 
GCC eGov Cyberwar, Cybercrime Risks and Defences 2010
GCC eGov Cyberwar, Cybercrime Risks and Defences 2010GCC eGov Cyberwar, Cybercrime Risks and Defences 2010
GCC eGov Cyberwar, Cybercrime Risks and Defences 2010Jorge Sebastiao
 
November 2017: Part 6
November 2017: Part 6November 2017: Part 6
November 2017: Part 6seadeloitte
 
Print Security? Are Businesses Complacent?
Print Security? Are Businesses Complacent?Print Security? Are Businesses Complacent?
Print Security? Are Businesses Complacent?Larry Levine
 
2010 6 Things u need 2 know in 2010 Whitepaper Final
2010 6 Things u need 2 know in 2010 Whitepaper Final2010 6 Things u need 2 know in 2010 Whitepaper Final
2010 6 Things u need 2 know in 2010 Whitepaper FinalLarry Taylor Ph.D.
 
Merit Event - Closing the Back Door in Your Systems
Merit Event - Closing the Back Door in Your SystemsMerit Event - Closing the Back Door in Your Systems
Merit Event - Closing the Back Door in Your Systemsmeritnorthwest
 
(Sony) Risk assignment final high profile security breach of Sony’s Playstat...
(Sony) Risk assignment final high profile security breach of Sony’s Playstat... (Sony) Risk assignment final high profile security breach of Sony’s Playstat...
(Sony) Risk assignment final high profile security breach of Sony’s Playstat...James Dellinger
 
FTC Case Study
FTC Case StudyFTC Case Study
FTC Case StudyAlbert Kassis
 
Fti Journal Predictive Discovery
Fti Journal Predictive DiscoveryFti Journal Predictive Discovery
Fti Journal Predictive DiscoveryAlbert Kassis
 
Antitrust Case Study
Antitrust Case StudyAntitrust Case Study
Antitrust Case StudyAlbert Kassis
 
Refco Case Study
Refco Case StudyRefco Case Study
Refco Case StudyAlbert Kassis
 

Weitere ähnliche Inhalte

Was ist angesagt?

Where security and privacy meet partnering tips for CSOs and privacy/complian...
Where security and privacy meet partnering tips for CSOs and privacy/complian...Where security and privacy meet partnering tips for CSOs and privacy/complian...
Where security and privacy meet partnering tips for CSOs and privacy/complian...Compliancy Group
 
Cyberoam: il futuro della network security!
Cyberoam: il futuro della network security!Cyberoam: il futuro della network security!
Cyberoam: il futuro della network security!Team Sistemi
 
Buyers Guide to Endpoint Protection Platforms
Buyers Guide to Endpoint Protection PlatformsBuyers Guide to Endpoint Protection Platforms
Buyers Guide to Endpoint Protection PlatformsFindWhitePapers
 
Halvorsen on Risk Cyber Webinar
Halvorsen on Risk Cyber WebinarHalvorsen on Risk Cyber Webinar
Halvorsen on Risk Cyber WebinarHalvorsen on Risk
 
10 Legal Challenges in Creating a BYOD Policy - Lou Milrad
10 Legal Challenges in Creating a BYOD Policy - Lou Milrad10 Legal Challenges in Creating a BYOD Policy - Lou Milrad
10 Legal Challenges in Creating a BYOD Policy - Lou MilradLou Milrad
 
Is your data at risk? Why physical security is insufficient for laptop computers
Is your data at risk? Why physical security is insufficient for laptop computersIs your data at risk? Why physical security is insufficient for laptop computers
Is your data at risk? Why physical security is insufficient for laptop computersFindWhitePapers
 
Lotusphere 2012: Learning the Ways of the Social Dragon
Lotusphere 2012: Learning the Ways of the Social DragonLotusphere 2012: Learning the Ways of the Social Dragon
Lotusphere 2012: Learning the Ways of the Social DragonKathy (Kat) Mandelstein
 
Jennings it security overview 1 2
Jennings it security overview 1 2Jennings it security overview 1 2
Jennings it security overview 1 2Donald Jennings
 
Mark Lanterman - The Risk Report October 2015
Mark Lanterman - The Risk Report October 2015Mark Lanterman - The Risk Report October 2015
Mark Lanterman - The Risk Report October 2015Mark Lanterman
 
Cyber Risk for Construction Industry
Cyber Risk for Construction Industry Cyber Risk for Construction Industry
Cyber Risk for Construction Industry BrianHuntMSFCPACRISC
 
Electronic data & record management
Electronic data & record managementElectronic data & record management
Electronic data & record managementGreenLeafInst
 
GCC eGov Cyberwar, Cybercrime Risks and Defences 2010
GCC eGov Cyberwar, Cybercrime Risks and Defences 2010GCC eGov Cyberwar, Cybercrime Risks and Defences 2010
GCC eGov Cyberwar, Cybercrime Risks and Defences 2010Jorge Sebastiao
 
November 2017: Part 6
November 2017: Part 6November 2017: Part 6
November 2017: Part 6seadeloitte
 
Print Security? Are Businesses Complacent?
Print Security? Are Businesses Complacent?Print Security? Are Businesses Complacent?
Print Security? Are Businesses Complacent?Larry Levine
 
2010 6 Things u need 2 know in 2010 Whitepaper Final
2010 6 Things u need 2 know in 2010 Whitepaper Final2010 6 Things u need 2 know in 2010 Whitepaper Final
2010 6 Things u need 2 know in 2010 Whitepaper FinalLarry Taylor Ph.D.
 
Merit Event - Closing the Back Door in Your Systems
Merit Event - Closing the Back Door in Your SystemsMerit Event - Closing the Back Door in Your Systems
Merit Event - Closing the Back Door in Your Systemsmeritnorthwest
 
(Sony) Risk assignment final high profile security breach of Sony’s Playstat...
(Sony) Risk assignment final high profile security breach of Sony’s Playstat... (Sony) Risk assignment final high profile security breach of Sony’s Playstat...
(Sony) Risk assignment final high profile security breach of Sony’s Playstat...James Dellinger
 

Was ist angesagt? (18)

Where security and privacy meet partnering tips for CSOs and privacy/complian...
Where security and privacy meet partnering tips for CSOs and privacy/complian...Where security and privacy meet partnering tips for CSOs and privacy/complian...
Where security and privacy meet partnering tips for CSOs and privacy/complian...
 
Cyberoam: il futuro della network security!
Cyberoam: il futuro della network security!Cyberoam: il futuro della network security!
Cyberoam: il futuro della network security!
 
Cosac 2013 Legal Aspects of Byod
Cosac 2013 Legal Aspects of ByodCosac 2013 Legal Aspects of Byod
Cosac 2013 Legal Aspects of Byod
 
Buyers Guide to Endpoint Protection Platforms
Buyers Guide to Endpoint Protection PlatformsBuyers Guide to Endpoint Protection Platforms
Buyers Guide to Endpoint Protection Platforms
 
Halvorsen on Risk Cyber Webinar
Halvorsen on Risk Cyber WebinarHalvorsen on Risk Cyber Webinar
Halvorsen on Risk Cyber Webinar
 
10 Legal Challenges in Creating a BYOD Policy - Lou Milrad
10 Legal Challenges in Creating a BYOD Policy - Lou Milrad10 Legal Challenges in Creating a BYOD Policy - Lou Milrad
10 Legal Challenges in Creating a BYOD Policy - Lou Milrad
 
Is your data at risk? Why physical security is insufficient for laptop computers
Is your data at risk? Why physical security is insufficient for laptop computersIs your data at risk? Why physical security is insufficient for laptop computers
Is your data at risk? Why physical security is insufficient for laptop computers
 
Lotusphere 2012: Learning the Ways of the Social Dragon
Lotusphere 2012: Learning the Ways of the Social DragonLotusphere 2012: Learning the Ways of the Social Dragon
Lotusphere 2012: Learning the Ways of the Social Dragon
 
Jennings it security overview 1 2
Jennings it security overview 1 2Jennings it security overview 1 2
Jennings it security overview 1 2
 
Mark Lanterman - The Risk Report October 2015
Mark Lanterman - The Risk Report October 2015Mark Lanterman - The Risk Report October 2015
Mark Lanterman - The Risk Report October 2015
 
Cyber Risk for Construction Industry
Cyber Risk for Construction Industry Cyber Risk for Construction Industry
Cyber Risk for Construction Industry
 
Electronic data & record management
Electronic data & record managementElectronic data & record management
Electronic data & record management
 
GCC eGov Cyberwar, Cybercrime Risks and Defences 2010
GCC eGov Cyberwar, Cybercrime Risks and Defences 2010GCC eGov Cyberwar, Cybercrime Risks and Defences 2010
GCC eGov Cyberwar, Cybercrime Risks and Defences 2010
 
November 2017: Part 6
November 2017: Part 6November 2017: Part 6
November 2017: Part 6
 
Print Security? Are Businesses Complacent?
Print Security? Are Businesses Complacent?Print Security? Are Businesses Complacent?
Print Security? Are Businesses Complacent?
 
2010 6 Things u need 2 know in 2010 Whitepaper Final
2010 6 Things u need 2 know in 2010 Whitepaper Final2010 6 Things u need 2 know in 2010 Whitepaper Final
2010 6 Things u need 2 know in 2010 Whitepaper Final
 
Merit Event - Closing the Back Door in Your Systems
Merit Event - Closing the Back Door in Your SystemsMerit Event - Closing the Back Door in Your Systems
Merit Event - Closing the Back Door in Your Systems
 
(Sony) Risk assignment final high profile security breach of Sony’s Playstat...
(Sony) Risk assignment final high profile security breach of Sony’s Playstat... (Sony) Risk assignment final high profile security breach of Sony’s Playstat...
(Sony) Risk assignment final high profile security breach of Sony’s Playstat...
 

Andere mochten auch

Fti Journal Predictive Discovery
Fti Journal Predictive DiscoveryFti Journal Predictive Discovery
Fti Journal Predictive DiscoveryAlbert Kassis
 
Antitrust Case Study
Antitrust Case StudyAntitrust Case Study
Antitrust Case StudyAlbert Kassis
 
Email Risk, by Albert Kassis
Email Risk, by Albert KassisEmail Risk, by Albert Kassis
Email Risk, by Albert KassisAlbert Kassis
 
Metadata Strategies by Albert Kassis
Metadata Strategies by Albert KassisMetadata Strategies by Albert Kassis
Metadata Strategies by Albert KassisAlbert Kassis
 

Andere mochten auch (6)

FTC Case Study
FTC Case StudyFTC Case Study
FTC Case Study
 
Fti Journal Predictive Discovery
Fti Journal Predictive DiscoveryFti Journal Predictive Discovery
Fti Journal Predictive Discovery
 
Antitrust Case Study
Antitrust Case StudyAntitrust Case Study
Antitrust Case Study
 
Refco Case Study
Refco Case StudyRefco Case Study
Refco Case Study
 
Email Risk, by Albert Kassis
Email Risk, by Albert KassisEmail Risk, by Albert Kassis
Email Risk, by Albert Kassis
 
Metadata Strategies by Albert Kassis
Metadata Strategies by Albert KassisMetadata Strategies by Albert Kassis
Metadata Strategies by Albert Kassis
 

Ähnlich wie Threat From The Inside, Fti Journal

Secure dataroom whitepaper_protecting_confidential_documents
Secure dataroom whitepaper_protecting_confidential_documentsSecure dataroom whitepaper_protecting_confidential_documents
Secure dataroom whitepaper_protecting_confidential_documentse.law International
 
Data Breach from the Inside Out
Data Breach from the Inside Out Data Breach from the Inside Out
Data Breach from the Inside Out The Lorenzi Group
 
Booz Allen's 10 Cyber Priorities for Boards of Directors
Booz Allen's 10 Cyber Priorities for Boards of DirectorsBooz Allen's 10 Cyber Priorities for Boards of Directors
Booz Allen's 10 Cyber Priorities for Boards of DirectorsBooz Allen Hamilton
 
The Need for DLP now - A Clearswift White Paper
The Need for DLP now - A Clearswift White PaperThe Need for DLP now - A Clearswift White Paper
The Need for DLP now - A Clearswift White PaperBen Rothke
 
Protecting Automotive Intellectual Property from Insider Threats
Protecting Automotive Intellectual Property from Insider ThreatsProtecting Automotive Intellectual Property from Insider Threats
Protecting Automotive Intellectual Property from Insider ThreatsChristina Lekati
 
Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Erik Ginalick
 
Inside The 10 Biggest and Boldest Insider Threats of 2019-2020
Inside The 10 Biggest and Boldest Insider Threats of 2019-2020Inside The 10 Biggest and Boldest Insider Threats of 2019-2020
Inside The 10 Biggest and Boldest Insider Threats of 2019-2020Proofpoint
 
Idc cost complexitycompliance
Idc cost complexitycomplianceIdc cost complexitycompliance
Idc cost complexitycomplianceReadWrite
 
idOnDemand | Article | Looking For An ID Solution? Get It From idOnDemand!
idOnDemand | Article | Looking For An ID Solution? Get It From idOnDemand!idOnDemand | Article | Looking For An ID Solution? Get It From idOnDemand!
idOnDemand | Article | Looking For An ID Solution? Get It From idOnDemand!Identive
 
Top 3 security concerns for enterprises
Top 3 security concerns for enterprisesTop 3 security concerns for enterprises
Top 3 security concerns for enterprisesTaranggg11
 
2 21677 splunk_big_data_futureofsecurity
2 21677 splunk_big_data_futureofsecurity2 21677 splunk_big_data_futureofsecurity
2 21677 splunk_big_data_futureofsecuritySvetlana Belyaeva
 
Sarah Carter, Actiance Presentation - BDI 4/14/11 Financial Services Social C...
Sarah Carter, Actiance Presentation - BDI 4/14/11 Financial Services Social C...Sarah Carter, Actiance Presentation - BDI 4/14/11 Financial Services Social C...
Sarah Carter, Actiance Presentation - BDI 4/14/11 Financial Services Social C...Business Development Institute
 
Digital Espionage and Business Intelligence
Digital Espionage and Business IntelligenceDigital Espionage and Business Intelligence
Digital Espionage and Business IntelligenceRoopak K Prajapat
 
PCTY 2012, IBM Security and Strategy v. Fabio Panada
PCTY 2012, IBM Security and Strategy v. Fabio PanadaPCTY 2012, IBM Security and Strategy v. Fabio Panada
PCTY 2012, IBM Security and Strategy v. Fabio PanadaIBM Danmark
 

Ähnlich wie Threat From The Inside, Fti Journal (20)

Secure dataroom whitepaper_protecting_confidential_documents
Secure dataroom whitepaper_protecting_confidential_documentsSecure dataroom whitepaper_protecting_confidential_documents
Secure dataroom whitepaper_protecting_confidential_documents
 
Security Feature Cover Story
Security Feature Cover StorySecurity Feature Cover Story
Security Feature Cover Story
 
IBM X-Force.PDF
IBM X-Force.PDFIBM X-Force.PDF
IBM X-Force.PDF
 
Data Breach from the Inside Out
Data Breach from the Inside Out Data Breach from the Inside Out
Data Breach from the Inside Out
 
10844 5415 The Value Of Corporate Secrets
10844 5415 The Value Of Corporate Secrets10844 5415 The Value Of Corporate Secrets
10844 5415 The Value Of Corporate Secrets
 
idg_secops-solutions
idg_secops-solutionsidg_secops-solutions
idg_secops-solutions
 
Booz Allen's 10 Cyber Priorities for Boards of Directors
Booz Allen's 10 Cyber Priorities for Boards of DirectorsBooz Allen's 10 Cyber Priorities for Boards of Directors
Booz Allen's 10 Cyber Priorities for Boards of Directors
 
The Need for DLP now - A Clearswift White Paper
The Need for DLP now - A Clearswift White PaperThe Need for DLP now - A Clearswift White Paper
The Need for DLP now - A Clearswift White Paper
 
Protecting Automotive Intellectual Property from Insider Threats
Protecting Automotive Intellectual Property from Insider ThreatsProtecting Automotive Intellectual Property from Insider Threats
Protecting Automotive Intellectual Property from Insider Threats
 
White Paper: Mobile Security
White Paper: Mobile SecurityWhite Paper: Mobile Security
White Paper: Mobile Security
 
Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991
 
Inside The 10 Biggest and Boldest Insider Threats of 2019-2020
Inside The 10 Biggest and Boldest Insider Threats of 2019-2020Inside The 10 Biggest and Boldest Insider Threats of 2019-2020
Inside The 10 Biggest and Boldest Insider Threats of 2019-2020
 
Idc cost complexitycompliance
Idc cost complexitycomplianceIdc cost complexitycompliance
Idc cost complexitycompliance
 
idOnDemand | Article | Looking For An ID Solution? Get It From idOnDemand!
idOnDemand | Article | Looking For An ID Solution? Get It From idOnDemand!idOnDemand | Article | Looking For An ID Solution? Get It From idOnDemand!
idOnDemand | Article | Looking For An ID Solution? Get It From idOnDemand!
 
Top 3 security concerns for enterprises
Top 3 security concerns for enterprisesTop 3 security concerns for enterprises
Top 3 security concerns for enterprises
 
5 Questions Executives Should Be Asking Their Security Teams
5 Questions Executives Should Be Asking Their Security Teams 5 Questions Executives Should Be Asking Their Security Teams
5 Questions Executives Should Be Asking Their Security Teams
 
2 21677 splunk_big_data_futureofsecurity
2 21677 splunk_big_data_futureofsecurity2 21677 splunk_big_data_futureofsecurity
2 21677 splunk_big_data_futureofsecurity
 
Sarah Carter, Actiance Presentation - BDI 4/14/11 Financial Services Social C...
Sarah Carter, Actiance Presentation - BDI 4/14/11 Financial Services Social C...Sarah Carter, Actiance Presentation - BDI 4/14/11 Financial Services Social C...
Sarah Carter, Actiance Presentation - BDI 4/14/11 Financial Services Social C...
 
Digital Espionage and Business Intelligence
Digital Espionage and Business IntelligenceDigital Espionage and Business Intelligence
Digital Espionage and Business Intelligence
 
PCTY 2012, IBM Security and Strategy v. Fabio Panada
PCTY 2012, IBM Security and Strategy v. Fabio PanadaPCTY 2012, IBM Security and Strategy v. Fabio Panada
PCTY 2012, IBM Security and Strategy v. Fabio Panada
 

Threat From The Inside, Fti Journal

  • 1. issue 7 T h e T h r eat f ro m I n si d e technology Companies face serious risks from employee intellectual property theft. To protect themselves, they need strong onboarding and exiting policies, plus computer forensics expertise. A cross the globe, cyber attacks had experienced internal theft of James Scarazzo from outside the company intellectual property. Fearful of losing Director, FTI Technol- get enormous attention. But their jobs, some employees become ogy, FTI Consulting jim.scarazzo much less attention is directed toward desperate, and one way of protecting @fticonsulting.com an equally perilous — and possibly themselves is to walk off with more daunting — threat: employees information that would be valuable to a Jason Ray Director, FTI Technol- travis rathbone for fti journal absconding with intellectual property competitor — for example, lists of top ogy, FTI Consulting and other confidential information. customers, pricing schedules, strategy jason.ray Since the economic downturn, documents or computer code. @fticonsulting.com cases of intellectual property theft Helping oneself to company by employees have been increasing information is getting easier. Whereas significantly. A recent study by the U.S. pilfering information once meant Federal Bureau of Investigation found photocopying it and sneaking it out, that 44% of companies it studied today more than 80% of a company’s FTICONSULTING.COM #15
  • 2. fti files technology competing business with confidential client information. They shared their plans through text messages on company-owned smartphones. No company is immune to these attacks. Because so much company information is used legitimately outside the office, it is practically impossible to information is stored electronically. set meaningful alarms. But companies Some 75% is never printed. As can better protect themselves. employees bring their own mobile Management teams should tighten devices to work and make use of employee onboarding and exiting “the cloud” to store and exchange processes, and put proper forensic information, it can leave the company’s computer procedures in place. control in seconds. Employee intellectual property Onboarding and Exiting theft is difficult to detect. A company’s When companies bring on new workers have legitimate access to employees, the process should proprietary information as part of thoroughly cover company policies on their work. For example, few would intellectual property and confidentiality. question a sales representative’s Ideally, these policies would be copying contact lists, presentations or included in employment contracts and other material for easy access outside confidentiality agreements. Continually the office. Thus, employee theft of articulating these policies is crucial. intellectual property often flies below It makes the company position clear Because so the radar. Here are two examples of and supports legal actions in which much company FTI Consulting projects: employees claim policies were vague. information is The employee exit process is also used legitimately An industrial equipment an effective point for heightened outside the office, manufacturer discovered information scrutiny. Although it is not practical it is practically theft only after its suspicions were to conduct forensic computer impossible to set aroused by the resignation of the investigations with every employee sales vice president and several direct departure, management should meaningful alarms. reports all on the same day. They had identify key positions with potential formed another business and were risk. These could include sales using sales contacts, pricing models representatives, whose contact lists and other information to build it. often contain customer data that is Members of a financial services protected by privacy laws, but also any firm were conspiring to set up a employees with access to proprietary #16
  • 3. issue 7 The views expressed in this article are those of the authors and not necessarily those of FTI Consulting, Inc., or its other professionals. or confidential information that they and having reliable evidence allow might use after leaving. management and legal teams to decide early what steps they can Make Sure Information and should take. For example, the Works as Evidence company could file for a temporary When companies suspect employee restraining order, pursue court orders intellectual property theft, they often to examine personal computers, or move hastily: IT or HR is contacted simply contact the employee’s new and the staff springs into action by employer and inform the company of opening files and saving information what has occurred. It is also valuable onto CDs or portable devices. On to tightly integrate computer forensic the surface it may appear that the activity with other forensic processes evidence has been obtained. But in in the company, such as accounting. actuality, all the company has is data. Evidence of fraud or other misconduct Opening, printing That probably isn’t usable as evidence. is likely to be found in computer files and saving files Evidentiary standards require and electronic communications. Early, can permanently detailed chronological documentation coordinated and immediate action may change metadata of everything that happened to the be necessary to discover evidence and that records who did data. Opening, printing and saving files prevent its destruction. what to the file can permanently change metadata that In times of economic distress, the and when. records who did what to the file and incidence of employee intellectual when. Just booting up a computer can property theft by employees can overwrite items such as caches and jump. Although such theft is difficult temporary files. Combined with altered to detect, companies can take steps metadata, these changes can make it to protect themselves and make difficult to prove what the employee strong defensive moves when theft is actually did. suspected. Sometimes computer experts can restore damaged evidence, but just as often they can’t. The process can be costly and take valuable time. To avoid the fire drill, management should be certain that proper computer forensic skills and processes are in place. Move Quickly to Action Stolen intellectual property can improve with age — the people who have taken it have more time to use it. Quickly understanding the facts FTICONSULTING.COM #17