Insiders are a pervasive threat. A recent 2022 report by a company specializing in insider risk found a 72 percent increase in insider incidents, with 42 percent of these activities focusing on the theft of sensitive information. Additionally, an aggregation of this data cited government as being among the top five industry sectors exploited. The report cited three types of insider threats: an insider who does not intend to do harm but may do so through negligence; an insider who intends to do harm via data theft or sabotage; and a “super malicious” insider whose technical skills and understanding facilitate malicious activities and who demonstrates an ability to conceal his operations from detection. If Durham’s filing proves correct, the Tech Executive clearly demonstrates this third category of insider threat, as he was well positioned to “normalize” his actions in the specific environment without raising immediate red flags.
The common image of the insider threat is that of a person deliberately trying to circumvent security mechanisms, such as an angry employee who has been fired or a disgruntled worker trying to cause some damage to the enterprise. But focusing on just those types of scenarios puts the organization at risk because the security teams may not notice other people who didn’t realize the consequences of seemingly small actions.
For example, an employee who is trying to perform a task as part of their day-to-day work may have to deal with a process that, to them, feels cumbersome or bureaucratic. When they figure out a shortcut, they are not deliberately trying to break the rules to personally profit off the activity. But they are not thinking about the fact that there may be a reason why the process was created in that specific way.
With the rising threat of ransomware and other attacks that originate from outside organizations’ networks, it’s easy to forget the damage that an insider threat—whether it’s employee carelessness or something more malicious—can cause in both money and resources.
Two recent reports on insider threats detail how these incidents have changed over the past two years, especially in the wake of COVID-19, and how other issues such as work-from-home, greater reliance on cloud-based applications, and the Great Resignation have added to these concerns.
Economic espionage is the act of stealing company trade secrets with the intent or knowledge that doing so “will benefit any foreign government, foreign instrumentality, or foreign agent.” 18 U.S.C. §1831(a)(1). The Act also prohibits attempts to steal trade secrets with the intent or knowledge that doing so will benefit a foreign government. 18 U.S.C. §1831(a)(4). Typically, economic espionage is directed or sponsored by a foreign power seeking to secure sensitive trade secrets or business information from U.S.-based persons or entities.
Intellectual property (IP) theft, especially of trade secrets, remains a significant threat to advanced U.S. industries, global competitiveness, and national security. It is foundational to the U.S. trade dispute with China, given state-sponsored efforts to steal as much American know-how as possible. Yet, instead of new laws and regulations, the United States has relied mainly on tariffs in an indirect effort to convince China to curb these illegal practices.
Experts say insider threats have always been a concern. But previously, the focus was mostly on what a volunteer poll worker or part-time employee could do to a polling place or county system, said Ryan Macias, who advises officials at the federal, state and local levels on election security. Now the potential harm extends to the very foundation of democracy — conducting fair elections.
“Since 2020, the coordinated efforts to have threat actors run for office, apply to be election officials and volunteer as a poll worker or observer should be treated as national security concerns,” Macias said.