We’ve come across a number of articles recently highlighting the spy threats that come from within a company’s own employees, a few of these are referenced below. As with all security, some of the biggest threats come from within your own walls. This is particularly worth noting when it comes corporate espionage. About 90 percent of all eavesdropping devices and threats we have discovered were placed by current or former employees or others who had free access to the target areas. In espionage cases, there may be nothing obvious missing to alert you to the incident. By the time the loss of information is recognized it may be too late, the damage may be done.
::::::::::::::::::::::::::::::::::::::::::
Digital security website Dark Reading reports:
Generation Y Users Say They Will Break Corporate BYOD Rules
Majority of users ages 21 to 32 say they would flout company policies restricting the use of personal devices.
In a survey of 3,200 employees from Generation Y (ages 21 to 32), researchers at Fortinet found that 51 percent were prepared to contravene any policy banning the use of personal devices at work or for work purposes.
And this attitude is spreading to other technologies: Thirty-six percent of respondents using their own personal cloud storage accounts (e.g., Dropbox) for work purposes said they would break any rules brought in to stop them. On the subject of emerging technologies such as Google Glass and smartwatches, almost half (48 percent) would contravene any policy brought in to curb use of these at work.
“It’s worrying to see policy contravention so high and so sharply on the rise, as well as the high instances of Generation Y users being victims of cybercrime,” said John Maddison, vice president of marketing at Fortinet. “On the positive side, however, 88 percent of the respondents accept that they have an obligation to understand the security risks posed by using their own devices. Educating employees on the threat landscape and its possible impact is another key aspect for ensuring an organization’s IT security.”
:::::::::::::::::::::::::::::::::::::::::::::::: German website Deutche Welle reports: …Nor do criminals of the economic variety dash over fences during the night or hack their way into the firm’s hard drives via the Internet. Many of the crimes are carried out by employees within the company. “You can assume that about half of all business crimes will come from within your own ranks,” Salvenmoser says. For companies, it’s a bitter pill twice over. First, insiders know where to hit the company hardest as well as where to find the most critical information. Second, it’s simply disappointing. “People I work with every day, who I talk to every day – I don’t expect that,” explained Salvenmoser. “With those people, I have a very special sense of trust.” But even here, says criminologist Kai Bussman, corporate culture has an effect – if also a negative one. A company’s own behavior colors the way employees behave toward the company. Such criminals, therefore, often work in “companies that do not place any value on fair dealings with customers, so they should not be surprised when their own employees help themselves,” he said. :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Industrial Espionage Threats to SMEs Originate from Within (Small to Medium sized Enterprises- SME) SMEs are in many ways are more vulnerable than big businesses, which are capable of employing a small army of security specialists to safeguard intellectual propert, said Michel Juneau-Katsuya, president and CEO of the Northgate Group, an international security firm based in Canada. SMEs very often perceive security as an extravagance. “In times of austerity that sin of security expense is one of the first things that get eliminated,” he told IMT. To a certain extent, the strategic importance of protection has become even more critical for SMEs. When it comes to stolen prototypes or proprietary technology, larger companies seem more capable of absorbing the loss. “If you’re a big guy and you lose a gadget, you can probably recover from that,” he said. “But if you’re a small or medium-sized company, you lose your intellectual property, you might actually break your back and lose your company. “There’s not a lawyer in the world that [can] bring back the value or bring back the intellectual property that you’ve lost. There is only one serious way to defend yourself against espionage activity: Awareness, awareness, awareness.” Trade secrets, commercial secrets, and intellectual property are typically targeted. Strategic information, such as a potential bid price, is also a type of company secret that must be protected. Access to such information could obviously help a competitor win a contract. …Industrial espionage can pit company against company. But it has also become a fairly lucrative business for organized crime. Activists with political agendas are also threats. These groups are not out to make a buck, but to embarrass or immobilize a company. The end result for the target is often the same: loss of revenue. However, the most common agent of industrial espionage is an insider — an employee. “The wolf is in the barn,” said Juneau-Katsuya. He estimates that 85 to 90 percent of security leaks are perpetrated by someone who has been granted legitimate access to information. Some are stealing for profit — selling information to the competition. Others are simply careless and accidentally leak information that can be used by agents of industrial espionage. In a survey of 600 companies two years ago, Northgate found that the vast majority of security breaches from mobile devices were made by executives who have access to sensitive information. They often circumvented security protocol to accommodate a business lifestyle that includes world travel and long hours. “The inadvertent disclosure of information is your biggest threat — as opposed to being targeted and exploited directly,” said Burgess. Companies need to know what data employees are sharing with customers or partners and how that information is shared, he said. “I do advocate that every company have a social network guide that lays out expectations as to what is and what is not shareable,” he said. For example, employees who post resumes and related information on such social networks as LinkedIn might inadvertently be disclosing something their employer wants to protect, Burgess said. A trip app might allow a competitor to view a company’s travel itinerary. Information can be aggregated to show patterns. “The beauty of Foursquare is you can see people checking in to their clients and where and how many trips are being made to a specific location,” he said. Juneau-Katsuya said employees are both the weakest point and the solution to a company’s efforts to guard its intellectual property.“Information will leak and will disappear because of your employees and will be protected because of your employees,” he said. “If you don’t involve your employees into the process you’re fighting a lost battle.” Corporate espionage: The spy in your cubicle