For seven years, Zhengquan "Jim" Zhang worked as an IT engineer for KCG Holdings, a Wall Street securities firm, where he managed the source code for the firm's trading platform and algorithms. When news of a potential takeover started to spread, Zhang got nervous, thinking his job could be eliminated. That acquisition was completed last July 20th, three and a half months after FBI agents arrested Zheng, accusing him of stealing more than three million proprietary files, the very files that make up the core of the firm's business.
In the popular imagination, data breaches are typically brought about by outsiders: the hoodie-wearing twenty-something operating out of a dark bedroom or basement—a character out of "Mr. Robot," or NBC's "NCIS," perhaps. Maybe they're typing in Cyrillic or spreading North Korean ransomware.
But oftentimes the threat looks more like Zhang, a corporate professional few would have suspected of theft. In fact, a significant amount of data breaches are caused by such insiders.
Insider data theft and privilege misuse are behind 15 percent of all data breaches, excluding those caused by errors, according to the 2017 Verizon data breach report. Sixty percent of those insider data theft incidents involve a user who intends to abscond with data "in the hope of converting it to cash somewhere down the line," according to the report. Such theft can be particularly difficult to catch, with months and even years passing before an incident is discovered. The risk of insider data theft is particularly strong in the healthcare industry, where Verizon identified 68 percent of threat actors as insiders.
The "threat from within" is leading to heightened vigilance among cybersecurity professionals.
A recent industry study by Delta Risk found that insider threats remained top of mind for many. Seventy-four percent of organizations felt vulnerable to insider threats, while almost half of surveyed security professionals said that insider risks had increased in the past year, resulting in greater rates of stolen data and security breaches.
The cost of such incidents can be huge. A typical corporate data breach costs $3.62 million, or $141 for each compromised record. Data loss caused by malicious insiders, as opposed to negligence or systems glitches, is particularly expensive, costing $156 per record.
But you don't need to despair at the proliferation of insider data theft and misuse. A strong information governance regime can help reduce insider theft risks and identify potential threats when they occur. When possible misuse arises, an agent-based data loss prevention system can alert you of suspicious activities.
At that point, some firms turn to the same discovery and data management tools that they use during litigation. In a sophisticated platform, data can be processed in a matter of minutes and culled to narrow down documents to the most important files.
Powerful search tools help you identify the "smoking gun" quickly. If an employee has been emailing herself proprietary documents, for example, that can be spotted easily. Then there are the cases when an insider has been engaged in more sophisticated wrongdoing. Zhang, for instance, allegedly subverted his firm's security measures by hacking into colleagues' accounts and modifying a company web app. In such instances, complex queries and stacking searches can help you tie together crucial concepts, keywords, and relationships in order to develop an understanding of what transpired. Exoneration or a call to the FBI could soon follow.
You may not be able to thwart every data theft attempt made by a disgruntled employee, but catching such events quickly and easily can bring significant cost and reputational savings—in some cases even preventing an employee from walking away with the information that makes up the heart of a business.
This post was authored by Casey C. Sullivan, Esq., who writes regularly for Closing the Loop, Logikcull's eDiscovery and information management blog - terrific reading for legal professionals. You can subscribe here.