Virtualization Technology News and Information
Data Loss and Departing Employees: Sounding the Alarm Before the Damage is Done

By Joe Payne, CEO, Code42

In the span of just a week, news broke on three high-profile, insider threat cases about employees who made a haul. They made away with trade secrets and gained access to confidential customer data. How? They side-stepped security controls and used utterly unsophisticated tools like jump drives and emails.

Infosecurity: Desjardins Insider Accessed Data of 2.9m Members

CyberScoop: Former McAfee employees conspired to take 'secret sauce' to Tanium, lawsuit says

Reuters: SunPower sues former executive over trade secrets

This is not just a fluke in the news cycle. Insider threat is a major and growing problem. In the last four years alone, insider threats are up 50 percent. It's no longer a matter of whether data leaves companies, but when it leaves - and it's leaving every day.

Yes, it's difficult to think that our own employees might not be doing it right when it comes to their actions at work. But the fact is, when employees quit jobs, they take project plans, source code and customer lists with them - and 60 percent of them admit to it. Odds are companies don't even realize the data is gone until months after the damage is done. The case that really drives this home is McAfee.

The company recently announced a lawsuit against three former employees for stealing trade secrets before they went to work for Tanium, a market rival. If a data loss prevention (DLP) leader like McAfee didn't detect data walking out the door until it was too late, why would anyone trust legacy DLP software to keep their data safe? Short answer: they shouldn't.

Most companies are blind to insider threat

Simply put: Legacy DLP alone does not work. It was not built to meet the needs of today's progressive workplaces.

For starters, data is more portable than ever before - so taking it has never been easier. Customer lists, product specs and go-to-market plans are just a few examples of critically important files that are simple to take. Employees can store hundreds of gigabytes on their mobile devices, put 1TB or more of data on removable media, or quickly transfer data to personal cloud storage services like Dropbox.

Not only is data moving around more, but so are employees. According to market research, half of the labor force is out looking for a new job; and half of job seekers have been at their companies for less than one year. As more people job hop, more data is at risk. But that's not all. When employees quit one job and move to another in the same industry, the data they bring with them creates even higher stakes.

Companies don't have an offboarding process for data

When employees depart, most companies have a regular offboarding process that includes collecting badges, cell phones and laptops. What they don't have is a process that ensures employees leave important data behind. But they should because departing employees are your biggest insider threat. This applies to employees from all levels of the company. The reality is even executives take data when they leave - 72 percent of CEOs admit they've taken valuable IP from a previous employer.

There's a data visibility gap in the security stack

Companies today are flying blind to insider threat. A startling 90 percent of insider data loss, leak and theft goes undetected internally because companies can't see where their data lives, who has access to it, and when and what data leaves.

To make matters worse, traditional data loss prevention solutions are not sounding an alarm when suspicious data movements occur. Its rigid rules overwhelm security teams and create blind spots to unexpected activity. The end result? A lack of visibility. And without visibility to all data - especially IP, like source code, sales pipelines and product roadmaps - a business remains vulnerable.

Prevention is not enough

There is a better way to protect data from loss - and it's based on two important assumptions.

First, it defines data security not by what you can prevent, but by how fast you can detect and respond to threats. It works based on the premise that all data is important; and it gives organizations complete visibility to where their data lives and moves.

Second, this detect-and-respond approach assumes that you trust no one when it comes to safeguarding your data from loss, leak or theft. The trustworthiness of the employee is not a factor because the technology works at the data level instead of the user level, tracking and monitoring all activity from endpoints to the cloud.

Chances are you are suffering from a data loss incident right now and don't even know it. If you don't want to be wrapped up in a lawsuit with a former employee, it's time to take a closer look at your data loss protection strategy. You want to get the right tools in place to catch data loss before employees depart and the damage is done.


About the Author

Joe Payne 

Joe Payne brings to Code42 more than 20 years of leadership and a proven track record with high-growth software companies. He has a broad experience base in delivering software and Software-as-a-Service (SaaS) solutions to enterprises across numerous industries. As President and CEO of Code42, he drives the company's strategic direction and oversees all operations.  

Published Friday, August 02, 2019 8:14 AM by David Marshall
Code42's New Data Loss Detection and Response Capabilities Spot Data Theft When Employees Quit : @VMblog - (Author's Link) - August 7, 2019 9:34 AM
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<August 2019>