Johannesburg, 01 Dec 2021
Spare some sympathy for Facebook's executives. There is little comfort knowing that someone could simply copy important documents and walk out of the building. Insider theft hurts regardless of motive. And, sometimes, the damage is beyond pale.
In 2019, the Chinese aircraft manufacturer Comac revealed the C919 airliner, a rival to brands such as Boeing and Airbus. Only, it appears to have benefited from rampant intellectual theft. According to hack-investigation firm CrowdStrike and numerous industry experts, the aircraft contains numerous designs that appear to have been stolen from companies, including the aforementioned airline makers, as well as GE, Safran and Honeywell. The alleged thefts would have knocked years of development – and billions of dollars – off Comac's R&D efforts.
While we obsess a lot about general cyber crime such as the theft of personal data, there is a much more damaging trade in intellectual property, says Kurt Mueffelmann, Global Chief Operating Officer at archTIS: "The real danger is around intellectual property. It could be billions of dollars in trade secrets, billions of dollars of market cap, or billions of dollars of brand reputation. A lot of time goes in from a research and development standpoint, and it can cause a lot of damage if that data is stolen."
Motivations for theft
Most insider thefts occur for reasons of greed or revenge. Tesla went after a former engineer it accused of stealing autopilot systems to land a job at a rival.
"People steal IP for a couple of different reasons," explains Mueffelmann. "Financial gain is the biggest thing that's out there. You might be paid well for it, or when you leave one job and, say, take sales information or architectural drawings and go to another company, it'll make your job easier. The other thing is revenge. If people feel slighted by what their company is doing, they may say, 'I'm going to get these guys and so I'm going to steal this stuff.' There are also insiders who are coerced or blackmailed."
What makes insider threats so vexing is that only a small group of people at a company might decide to steal IP. It's a puzzle for security, which anticipates motivated attacks from the outside. Matters become a lot more challenging to catch insiders in the act or to discourage them.
"A substantial problem for security is that the people who steal such information often already have some level of legitimate access to it. They might be an executive, or maybe they are an administrator with the keys to access everything. Most security focuses on keeping the wrong people out. But it's not so easy to stop the right people from doing the wrong things."
Files in transit
Today's digital workplaces and collaboration tools amplify these issues. People work more decentralised and have different opportunities to access company data under different circumstances. Mueffelmann relates a story from an executive who read a bedtime story for his toddler. When the child fell asleep on his lap, he didn't want to move but couldn't reach his laptop. So he used his kid's iPad to access work documents.
It's an innocent example but raises an important point: One can harden security around company information, yet that can come at the cost of productivity. If people cannot access what they need, they will find ways to circumvent controls. How can an organisation balance a file-in-transit workplace with sufficient security oversight?
"You start to look at data-centric security and methodology around protecting the information itself," answers Mueffelmann. "You get down to that pure essence of the granularity of the particular document."
Data- and file-centric security is not a new concept. But many implementations require elaborate file taxonomies. Instead, modern approaches look at attributes such as who created the document, which department they're from, and when and where the file was created. This approach is known as attribute-based access control (ABAC).
"Without knowing what's in each individual document, using ABAC we can quickly identify all the documents that are created by people associated with HR. Once we look at that attribute, then right away, we can lock that down. You don't need that very cumbersome taxonomy component. You focus on document and user attributes, to determine access and control usage rights in real-time. Then you can apply failsafes such as secure readers, watermarks containing the name of the person accessing the document, and other restrictions."
Such methodologies extend to other security threats. Even if someone breaches company systems, the same behavioural and attribute scrutiny will apply. Thus, file-in-transit security creates a critical layer that protects organisations from a less appreciated yet more devastating threat – insiders.
Share