What’s common to Cartier, Pfizer, Block, Tesla and Apple in the past several months?
They have all had high-profile insider data exfiltration or IP theft events. Now add Yahoo to this “not so exclusive” list. These are clear examples that, in this economy of high job turnover, data portability is rampant and the problem it creates is unsolved. Sound gloomy? Given that 90% of all business value includes IP, it’s no surprise that departing employees find source code, trademarked concepts, product plans and personnel data tempting to take with them as they leave for jobs at competitors.
What happened with Yahoo?
Media reports say a civil lawsuit alleges that a former Yahoo employee stole valuable intellectual property when he downloaded approximately 570,000 pages of proprietary source code, ad placement algorithms, internal strategy documents and more upon securing a job offer from The Trade Desk, a direct competitor of Yahoo’s advertising technology arm.
Outcomes vary, plot’s the same
- Employee receives a ridiculously good job offer from a competitor.
- Employee decides to take data from his existing employer to gain an advantage at the new job.
- Employee transfers trade secrets, source code and product plans via one of many cloud apps (Google Drive, Microsoft OneDrive, Slack, etc.) or downloads them to a personal device. Data portability is so simple these days!
- Organization remains challenged to see the untrusted data movement happening in time to contain it.
- Data is out the door. Headlines are written. Lawsuits are filed. It’s too late. In this case, the unfortunate victim is Yahoo.
While some organizations, like Yahoo, are lucky enough to issue a cease-and-desist order a few weeks after an event like this, the data still left their environment and we read in the media about how it happened. The scary part? There are many organizations where data exposure has already happened or is happening and is yet to be discovered. In fact, one in three organizations will lose valuable IP when employees leave their company. And 63% of those who take data to a new employer have done it before.
So, why does this **** keep happening?
That discussion requires a longer blog, but in many ways it’s rooted in how organizations are approaching the data risk from insiders today. As noted in our Code42 2021 Data Exposure Report, less than 20% of security budgets were spent on Insider Risk — and more than half of organizations don’t have a formal Insider Risk response plan in place. And that’s despite the fact that data is more portable than ever and people are changing jobs faster than ever. Oh, and let’s not forget that the majority of us are either remote or hybrid, and using new technology to make that possible. While adding a new security approach like Insider Risk Management to your data protection protocols may appear complicated, those who have done it will validate just how simple and game-changing it has been for them. A good place to start is simply listening to what they’re saying on Gartner Peer Insights.
A journey, not a destination
Is this the last we will hear of these IP theft lawsuits? Definitely not. As noted above, the bigger concern is the lawsuits that take years and millions to investigate and lack hard evidence due to limited visibility into data exposure, loss, leak and theft. As organizations look for answers, they need to think about their risk posture, and that journey starts with better understanding how their data flows, how people work and what processes are in place. What situations like Yahoo’s remind us is that there is no point solution that solves the problem. Organizations need to think of it as a holistic approach to risk – Insider Risk Management. The world around us has changed significantly over the past few years. Legacy approaches to locking and blocking data are no longer as effective, and the insider threat rule book that assumes you can find the one bad actor has been tossed out the window.
No one is immune to the threat of data exfiltration, not even Code42. (Check out this blog for more details.) The outcome (leveraging our own Incydr data protection product) taught us three valuable lessons:
- Data leak and theft can, and will, happen to all organizations.
- Timing is key: prioritized alerts that help you see and stop untrusted data movement before a breach happens mitigate the threat of loss.
- You need context: having a full forensic trail of what happened allows you to respond in a way that’s proportionate to an activity’s risk severity.
In the end, it’s how we contained the insider threat that protected us, and especially our customers, from harm. Instead of a lawsuit months or years down the line, we ensured data never left our environment. In contrast, take the time in 2019 when McAfee, a world leader in data loss security, was the unfortunate victim of three former employees stealing trade secrets before they went to work for Tanium, a market rival. In this case, data leaked, and no one stopped it.