The media has been saturated in recent months with news articles of Chinese hackers gaining access to U.S. corporate and government networks, carrying ominous warnings about the Chinese hacking menace and the threat it presents to U.S. business.
In actuality, hacking of this type — where foreign hackers penetrate networks and stay there for long periods of time — is old news to the cyber security community. For a number of years, leading experts have warned of this type of hacking, often referred to as Advanced Persistent Threats (“APTs”).
Are APTs and other forms of hacking a serious threat to companies’ trade secrets and proprietary data? No question.
But are they the largest such threat that companies face? The answer remains “no.” Company insiders, not outside hackers, are involved in more than two-thirds of all cyber cases involving theft of intellectual property. Moles, opportunists, contractors, disgruntled employees, and ex-IT personnel — all currently pose a greater risk to corporate intellectual property than state-sponsored hacking and APTs, both in frequency and in damage caused.
This white paper takes a look at the prevalence of insider threat, provides examples of high-profile cases, and discusses steps that should be considered to reduce the risk from insider cyber threat.