For more than a decade, the CERT Program at Carnegie Mellon University’s Software Engineering Institute has been gathering and analyzing actual malicious insider incidents.
Based on case patterns, it has identified four categories of insider threat cases: IT sabotage, fraud, theft of intellectual property (IP), and national security espionage.
In this post, we examine the work of researchers in one of these areas: insider intellectual property theft cases. These are defined as crimes in which current or former employees, contractors, or business partners intentionally misuse their system access to steal confidential or proprietary information from the organization.
Why do these crimes happen? One cause is a sense of entitlement among workers born out of their contributions to a project or knowledge.
Preventing Internal Intellectual Property Theft Cases from Happening
It’s important to consider how a sense of entitlement can motivate wrongdoing, according to experts. For many of today’s workers, experts say, it’s not stealing at all—it’s leaving with what’s theirs.
Research on a sense of entitlement as a contributor to theft is consistent. “We have found that a sense of entitlement and anger at authority are consistent aspects of perpetrator motivation,” according to authors of one study, The Insider Threat to Information Systems: The Psychology of the Dangerous Insider.
Researchers from the Australian Institute of Criminology, in The Psychology of Fraud, describe how a distorted idea of ownership evolves, laying the foundation for the motivation to steal. “Employees, especially those in large organizations, may presume personal ownership or entitlement by virtue of occupation (of a position or space) or through regular use/access. The resource becomes ‘my office,’ ‘my computer,’ and ‘my budget.’ This, in turn, seems to provide moral justification for taking the resource for personal use.” While often resulting in only petty theft of office supplies, this distorted perception leads to large frauds, including theft of equipment and abuse of company credit cards, according to the research.
Perhaps more worrisome are intellectual property theft cases in which information is stolen for business advantage. These thefts directly threaten company business models by siphoning customers or helping a competitor, and a significant number of them are motivated by a sense of entitlement to the stolen information, according to a CERT study, Insider Theft of Intellectual Property for Business Advantage: A Preliminary Model.
In cases in which an ambitious insider acted alone to steal information to take to a new job or to his or her own side business, most stole information that they had at least partially developed, according to the study. Based on patterns observed in the cases, half stole proprietary information to which they felt a sense of entitlement.
The researchers described the progression in these cases. Insiders typically start with an honest desire to contribute to the organization. For an individual predisposed to feelings of entitlement, this attitude grows as he or she invests time and effort and a tangible product of that work emerges. “This sense of entitlement can be particularly acute if the insider perceives his role in the development of products as especially important,” notes the research. “If the insider’s work is focused on the contribution to a particular product—for example the development of specific business information like customer contact lists—he may have a great sense of ownership of that product or information.”
Once an insider develops a sense of entitlement, it typically combines with a precipitating event, such as a denial of his or her request or a job offer by a competitor, to form a motivation to steal.
It is helpful to security teams that individuals who steal “their” work are sometimes easy to catch. “They rarely act as if they are doing anything wrong, probably because they feel perfectly entitled to take the information or product with them to their new job,” according to the CERT study.
However, that also means that intellectual property agreements are not a particularly strong deterrent. “Many insiders stole information from their project area despite having signed IP agreements,” according to the study. In fact, workers are often so convinced that they are simply taking what’s theirs that, despite IP agreements being in place in 44 percent of the cases, fewer than a quarter of workers made any effort at all to deceive the organization while taking information.
The key to prevention? The report concludes: “An organization’s accurate understanding of its risk is directly related to its ability to detect the insider’s actions, which, with sufficient levels of technical and behavioral monitoring, may be discoverable.”
In addition to the risk factors above, data protection teams should consider the following factors to understand their vulnerability to a sense of entitlement contributing to insider intellectual property theft cases:
- Special arrangements heighten risk. “A sense of entitlement is encouraged when highly valued employees are favored through special arrangement or granted exceptions to rules,” according to the study on insider threats to information systems. When allowed, “employers actually reinforce [a sense of entitlement], up the ante, and contribute to what often becomes an inevitable crisis.”
- Every organization faces some risk. Even organizations that go to significant lengths to appear fair to employees by formalizing procedures, such as for the rewarding of bonuses, may still appear unfair to workers, which can lead to resentment, entitlement, and theft. Researchers have found a paradox when it comes to formalizing procedures to promote workers’ perception of organizational fairness: While it does make workers view the company as a whole as more fair, formalizing procedures tends to eliminate supervisor and managerial discretion, which can make those individuals seem unfair to the workers they oversee. This, too, can provide an employee who possesses an innate sense of entitlement with the added spark necessary to take “their work” for personal gain.
A sense of entitlement encourages employees to steal IP, but a lack of awareness on the part of employers helps them get away with it, agrees Kevin McDonald, executive vice president and chief information security officer at Alvaka Networks, a network services and security firm. He believes employers trust their employees and business partners far too much, choosing to believe their employees and partners have their best interests in mind. “They assume they can be trusted to do what is right for the company and not for themselves.”
Although the studies cited above show that such agreements don’t always deter theft, McDonald encourages companies to require employees to sign an agreement that states they recognize that all company information is proprietary and they face prosecution for using it outside of their job.
Experts add that the employment agreement should specifically note that the limitations on the disclosure of confidential information do not expire with the end of the employment, but survive the termination of employment for any reason.
Finally, the employment agreement should specifically include an ownership of work product provision to ensure that all inventions, works, drawings, programs and the like created by the employee shall become and remain the sole property of the employer, say legal experts.
This post was originally published in 2018 and was updated November 14, 2018.