The Insider Threat

By Michael Sulick

Michael Sulick is the former director of CIA’s National Clandestine Service and is currently a consultant on counterintelligence and global risk assessment.  Sulick also served as Chief of Counterintelligence and Chief of the Central Eurasia Division where he was responsible for intelligence collection operations and foreign liaison relationships in Russia, Eastern Europe and the former republics of the Soviet Union.  He is the author of Spying in America: Espionage From the Revolutionary War to the Dawn of the Cold War and American Spies: Espionage Against the United States from the Cold War to the Present

The CEO of the XYZ Company, which relies on intellectual property for its corporate success, is frightened by increasing cyber attacks against major corporations like Sony and Target. He/She invests millions to enhance the company’s information security by hiring experts and installing the most sophisticated defenses on the market. One evening, however, the night shift janitor, who has no access to the company’s computer systems, filches crumpled papers with sensitive data from the office trash and sells them to a competitor.

This hypothetical example is based on real events. In its Guide to Insider Threats, Carnegie Mellon’s Software Engineering Institute cites a case involving a bank janitor, who searched through trashcans for personal information about customers and used the information to commit identity theft. In another case, a Corning Glass employee stole confidential blueprints regarding the company’s flat panel TVs from a hopper with papers to be destroyed and sold the materials to a foreign competitor. The culprits in both these cases didn’t need a single keystroke to commit corporate espionage.

Access all of The Cipher Brief’s national security-focused expert insight by becoming a Cipher Brief Subscriber+ Member.

Sign Up Log In

Categorized as:Reporting Tech/CyberTagged with:

Related Articles