For years the CERT Insider Threat Center has been studying organizations' current and former employees, contractors, and trusted business partners who steal intellectual property (IP) from their organizations. We have published reports that detail the problem: who does it, why, when, how, etc. We have also published reports on mitigation strategies based on our analysis of the problem. (Links to the reports are at the bottom of this post). These strategies focus on the detection of suspicious online actions, as well as logging strategies that provide electronic evidence to assist in the response process when insider theft is detected. A recent testimony by the FBI suggests that organizations need to pay attention to this significant problem.

On June 28, 2012, C. Frank Figliuzzi, Assistant Director, Counterintelligence Division , FBI, made a Statement Before the House Committee on Homeland Security, Subcommittee on Counterterrorism and Intelligence. His statement was titled "Economic Espionage: A Foreign Intelligence Threat to Americans Jobs and Homeland Security" (https://archives.fbi.gov/archives/news/testimony/economic-espionage-a-foreign-intelligence-threat-to-americans-jobs-and-homeland-security).

Key items of interest :

• "In the FBI's pending case load for the current fiscal year (2012), economic espionage losses to the American economy total more than $13 billion."
• "In just the last four years, the number of arrests the FBI has made associated with economic espionage has doubled; indictments have increased five-fold; and convictions have risen eight-fold"
• "As the FBI's economic espionage caseload is growing, so is the percentage of cases attributed to an insider threat, meaning that, individuals currently (or formerly) trusted as employees and contractors are a growing part of the problem. "
• "The insider threat, of course, is not new, but it's becoming more prevalent for a host of reasons, including:
  • The pervasiveness of employee financial hardships during economic difficulties;
  • The global economic crisis facing foreign nations, making it even more attractive, cost-effective, and worth the risk to steal technology rather than invest in research and development;
  • The ease of stealing anything stored electronically, especially when one has legitimate access to it; and
  • The increasing exposure to foreign intelligence services presented by the reality of global business, joint ventures, and the growing international footprint of American firms."

We urge you to review our reports to help you avoid being included in those statistics!

"A Pattern for Increased Monitoring for Intellectual Property Theft by Departing Insiders" https://resources.sei.cmu.edu/library/asset-view.cfm?assetID=10131

"Insider Threat Control: Using Centralized Logging to Detect Data Exfiltration Near Insider Termination"
https://resources.sei.cmu.edu/library/asset-view.cfm?assetID=9875

"A Preliminary Model of Insider Theft of Intellectual Property"
https://resources.sei.cmu.edu/library/asset-view.cfm?assetid=9855

"An Analysis of Technical Observations in Insider Theft of Intellectual Property Cases"
https://resources.sei.cmu.edu/library/asset-view.cfm?assetid=9807

"Spotlight On: Insider Theft of Intellectual Property iInsider the U.S. Involving Foreign Governments or Organizations"
https://www.sei.cmu.edu/about/divisions/cert/index.cfm

"The CERT Guide to Insider Threats" (book published in Jan 2012)
https://resources.sei.cmu.edu/library/

If you would like additional help from the CERT Insider Threat Center we offer insider threat assessments and workshops, or contact us at insider-threat-feedback@cert.org.