The Insider Threat

The CEO of the XYZ Company, which relies on intellectual property for its corporate success, is frightened by increasing cyber attacks against major corporations like Sony and Target. He/She invests millions to enhance the company’s information security by hiring experts and installing the most sophisticated defenses on the market. One evening, however, the night shift janitor, who has no access to the company’s computer systems, filches crumpled papers with sensitive data from the office trash and sells them to a competitor.

This hypothetical example is based on real events. In its Guide to Insider Threats, Carnegie Mellon’s Software Engineering Institute cites a case involving a bank janitor, who searched through trashcans for personal information about customers and used the information to commit identity theft. In another case, a Corning Glass employee stole confidential blueprints regarding the company’s flat panel TVs from a hopper with papers to be destroyed and sold the materials to a foreign competitor. The culprits in both these cases didn’t need a single keystroke to commit corporate espionage.