Just like any other dependable and hard-working engineer, Chinese born Greg Chung was one of the many employees at Rockwell and Boeing. However, no one around him, including his employers, were aware that Greg was gathering secret data to take back to his home country, China, to help his country build a space program. Between the years 1979 to 2006, Greg stole thousands of classified documents regarding space shuttles and military cargo jets from his place of employment in order to hand them over to the Chinese government. Under the guise of presenting lectures and discussions, Greg travelled to China to meet with Chinese agents covertly. When he was finally apprehended in 2010, he was sentenced to more than 15 years in prison for his misdemeanours.
While this may appear like a plot from a Hollywood movie, the scenario of state-sponsored insider threats in organizations is a reality; a real and present danger lurking at the doorstep of every company. The rise of insider spies like Greg has now become more active than before. Data gathered from more than 1500 organizations revealed an increase in rogue activities initiated by foreign countries, rivals and businesses, wherein spies or insiders were recruited to obtain illegal access to sensitive, classified and non-public documents and data from their place of employment.
As trusted internal employees, privileged users and third-party contractors, these individuals conspired with outside forces to misuse information for either purposeful or malicious reasons.
This makes it crucial why insider spies must be detected at the earliest and their motives be understood swiftly. While there are numerous reasons why individuals steal data on behalf of a foreign country or a rival organization, some of them to look out for include:
- Financial gain. Some individuals believe that the fastest way to make money is to exfiltrate sensitive data of a company and sell it to a competitor, in this case, a foreign country or a state looking to profit from the information. Typically, those under financial duress could be more inclined to steal data.
- Vengeance. If a frustrated or angry employee is looking to retaliate against the company, they may deliberately cause harm by divulging classified information, intellectual property, trade secrets and other relevant documentation to a foreign country.
- Doctrine. An individual having a fundamental conflict on the ideologies of the company that they are working for could be motivated to steal data to destroy the company.
- Nationalism. Like Greg, an internal staff member may cause a data breach to improve or enhance ties with their home country.
- Personal issues. Stress or frustration in an individual’s life, such as demise or divorce, could be compelling instigators in motivating individuals to conspire with a rogue nation to steal confidential and sensitive documents and data.
- Internal conflicts within the company. If an employee is having numerous conflicts within their workspace, they could be easily persuaded to cause a data breach in the company. A reliable document security tool must therefore be implemented that can control user access and control document use(what can be done with document content once it has been accessed by an authorized user). In addition, it should be able to log suspicious user behaviour and detect threat indicators by offering visibility into the user’s actions on the company’s data.
It can be almost impossible to prepare for behaviour indicators in an organization and discover suspicious activities, especially in companies that have a large workforce.
Given the number of factors at hand, legacy security tools are often rendered useless in mitigating real threats. In such scenarios, digital rights management can be used to prevent insider threats as these solutions concentrate on document and not just user behaviour – control over document use is always enforced regardless of where a document is accessed and by who. As a robust document protection system, DRM can help prevent insider threats, avoid data exfiltration and help in streamlining an investigation process.
The lack of visibility that IT departments may have into the actions of privileged users can be the single most data security risk in companies. Digital rights management rises to this challenge by alerting you in real-time to insider threat indicators. It can help prevent vulnerabilities in a system and stop sensitive documents from being stolen. Using DRM to control document use, you can set controls on how users can access (i.e. using what devices and from what locations) and use(i.e. stopping copying, printing and editing of content) documents you shared with them. You can revoke access to documents at any stage and have expiry controls in place that automatically revoke access to a document after a user has viewed it. You can also log document use, seeing who accessed, viewed and printed your documents, from where and when. Document DRM is therefore a powerful tool in providing intellectual property protection and safeguarding a company’s documents from unauthorized access and misuse.