How Insider Threats Lead to Intellectual Property Loss: What You Need to Know
The loss of intellectual property (IP) is a significant concern for many businesses, and for good reason. IP is a vital brick in the foundation of many of our everyday activities, from copyrighted films and books to patented gaming and sports technology.According to the United States Patent and Trademark Office(USPTO), IP-intensive industries account for 41% of total U.S. GDP and 33% of total U.S. employment.
Insider threats are a major source of IP loss for a variety of reasons. While IP loss can be the result of an external actor launching an attack, it is far easier for internal users to access and exfiltrate. Insiders are liable to steal IP for financial or personal gain, and even to cause IP loss by mistake.
Insider Threats
An insider threat occurs when an internal actor at an organization acts to harm the organization from within, whether intentionally or unintentionally. The Ponemon Institute’s 2022 Cost of Insider Threats report breaks down insider threats into three main categories.
Risks of Insider Threats
Insider threats can be extremely costly, and many organizations experience several attacks per year. The average annualized cost of insider threat incidents in 2022 was more than 15 million USD. Employee or contractor negligence is the least costly per incident, but the most common type of insider threat by a wide margin. Criminal and malicious insiders and credential thieves cost more per incident, but occur far less frequently.
Some common stories for insider threats include an employee selling trade secrets to a competitor, stealing sensitive data to take to their next position or start a new company, or just looking to harm the company due to a personal vendetta. According to “Behavioral Risk Indicators of Malicious Insider Theft of Intellectual Property,” some of the most common problems preceding IP theft by insiders are disagreements over ownership of IP, fights over compensation, and being passed over for promotion.
Connection to IP Loss
It makes sense that insider threats often involve IP theft. Employees handle proprietary IP in the course of their everyday functions, the protections in place to prevent theft are less likely to be able to detect risky behaviors coming from within the company, and stealing IP is more discreet than stealing physical property. Things like trade secrets and trademarked, patented, or copyrighted material can turn a profit either directly—by being sold to a competitor company, criminal group, or foreign government—or indirectly—by giving an individual a leg up at a new job or when starting their own company.
The issue of IP ownership is also often murky and difficult to pin down. Individuals who played a part in the creation of vital enterprise IP may feel entitled to use it for their own purposes. This is one of the most common rationalizations for employee theft, alongside “the arguments that ‘everyone else is doing it’ [and] ‘the information may be useful to me in the future.’”
Dangers of IP Theft
One major concern related to IP theft is that it hinders innovation and technological progress. It disincentivizes the development of new ideas in more than one way. A lack of protections and enforcement regarding IP theft sense criminal actors the message that they can get away with it, while simultaneously sending potential innovators the message that their IP will not be secure.
The financial costs of IP theft are also nothing to scoff at. The Associated Press reports that IP theft costs the U.S. economy up to $600 billion each year.
Because IP encompasses things like “sensitive information related to defense, energy, or critical infrastructure technologies,” IP theft can even become an issue of national security. In the same way that disgruntled insiders are capable of selling trade secrets and other sensitive information to competitor companies, insiders with access to information that is vital for national security can be swayed to sell information to foreign governments.
Conclusion
Whether it comes from within an organization or not, IP loss is a daunting specter to contend with. Many companies have IP as their greatest asset, and the theft of critical IP can make or break an organization. The ubiquity of IP theft and the difficulties associated with defending against it make IP theft the path of least resistance to financial gain for many bad actors.
Insiders, both those intentionally stealing IP and those mistakenly causing IP loss, are able to use their authorized access to sensitive data to harm the company. Their activities are difficult to monitor to the degree necessary to detect risky behaviors without a large volume of false positives. This makes it easy for internal actors to carry out IP theft for a variety of reasons.
Follow Techr for more!