MOUNTAIN VIEW, CA, Dec 07, 2011 (MARKETWIRE via COMTEX) --

Symantec Corp. (NASDAQ: SYMC) today released the findings of a new report "Behavioral Risk Indicators of Malicious Insider Theft of Intellectual Property: Misreading the Writing on the Wall." The report addresses the high level of organizational anxiety surrounding potential theft of sensitive, proprietary, intellectual property or similar critical data by employees. It describes what is known about the people and organizational conditions which contribute to this risk. The research paper was authored by Dr. Eric Shaw and Dr. Harley Stock, experts in the fields of psychological profiling and employee risk management.

Click to Tweet: Symantec releases new research revealing psychology behind intellectual property theft by corporate insiders: http://bit.ly/vhMuS2

"Most organizations are aware of the security threats posed by outsiders, but the malicious insider within their own ranks may pose an even greater risk," said Francis deSouza, group president, Enterprise Products and Services, Symantec Corp. "In this era of global markets, companies and government entities of all sizes are recognizing the ever-expanding challenges of protecting their most valuable asset -- their intellectual property -- from rivals."

Theft of intellectual property costs U.S. businesses more than $250 billion per year and FBI reports confirm that insiders are a major target of opponent efforts to steal proprietary data and the leading source of these leaks. Based on a review of empirical research, Dr. Stock and Dr. Shaw have identified the key behaviors and indicators that contribute to intellectual property (IP) theft by malicious insiders. The most compelling patterns observed include:

--  Insider IP thieves are often in technical positions - The majority of
    IP theft is committed by current male employees averaging about 37
    years of age who serve in positions including engineers or scientists,
    managers, and programmers. A large percentage of these thieves had
    signed IP agreements. This indicates that policy alone -- without
    employee comprehension and effective enforcement -- is ineffective.
--  Typically insider IP thieves already have a new job - About 65% of
    employees who commit insider IP theft had already accepted positions
    with a competing company or started their own company at the time of
    the theft. About 20% were recruited by an outsider who targeted the
    data and 25% gave the stolen IP to a foreign company or country. In
    addition, more than half steal data within a month of leaving.
--  Malicious insiders generally steal information they are authorized to
    access - Subjects take the data they know, work with and often feel
    entitled to in some way. In fact, 75% of insiders stole material they
    were authorized to access.
--  Trade secrets are most common IP type stolen by insiders - Trade
    secrets were stolen in 52% of cases. Business information such as
    billing information, price lists and other administrative data was
    stolen in 30%, source code (20%), proprietary software (14%), customer
    information (12%), and business plans (6%).
--  Insiders use technical means to steal IP, but most theft is discovered
    by non-technical employees - The majority of subjects (54%) used a
    network -- email, a remote network access channel or network file
    transfer to remove their stolen data. However, most insider IP theft
    was discovered by non-technical staff members.
--  Key insider patterns precede departure and theft - Common problems
    occur before insider thefts and probably contribute to insiders'
    motivation. These precipitants of IP theft support the role of
    personal psychological predispositions, stressful events and
    concerning behaviors as indicators of insider risk.
--  Professional setbacks can fast-track insiders considering stealing IP
    - Acceleration on the pathway to insider theft occurs when the
    employee gets tired of "thinking about it" and decides to take action
    or is solicited by others to do so. This move often occurs on the
    heels of a perceived professional set-back or unmet expectations.

The report features pragmatic recommendations for managers and security personnel concerned with intellectual theft risk, including:

--  Build a Team: To fully address insider theft, organizations need to
    have a dedicated team made up of HR, security, and legal professionals
    that create policies, drive training, and monitor problem employees.
--  Organizational Issues: Organizations need to evaluate whether they are
    at greater risk due to inherent factors -- employee morale,
    competitive risk, adversary operations, local overseas, use of local
    contractors, etc.
--  Pre-Employment Screening: The information collected during this
    process will help hiring managers make informed decisions and mitigate
    the risk of hiring a "problem" employee.
--  Policies and Practices: This is a checklist of specific policy and
    practice areas that should be covered within an organization's basic
    governance structures.
--  Training and Education: These are essential to policy effectiveness
    since policies and practices that are not recognized, understood and
    adhered to may be of limited effectiveness. For instance, most IP
    thieves have signed IP agreements. Organizations should have more
    direct discussions with employees about what data is and is not
    transferrable upon their departure and the consequences for violating
    these contracts.
--  Continuing Evaluation: Without effective monitoring and enforcement,
    compliance will lapse and insider risk will escalate.

In addition, Symantec recommends:

--  Preempt IP theft by flagging high-risk insider behavior with a
    security technology like Data Loss Prevention (DLP).
--  Implement a data protection policy that monitors inappropriate use of
    IP and notifies employees of violations, which increases security
    awareness and deters insider theft.
--  Alert managers, HR, and security staff when exiting or terminated
    employees access and download IP in unusual patterns with a file
    monitoring technology like Data Insight.

Dr. Eric Shaw aids corporate and government organizations in the investigation of insider cases, insider research, employee risk assessments, and the evaluation of organization insider risk. He also helps these organizations develop training in the area of insider security awareness. Dr. Shaw is a clinical psychologist and a former intelligence officer. He has served as an expert witness on insider-related litigation including representing the Department of Justice in a recent Anthrax case. He is president of Consulting and Clinical Psychology Limited, located in Washington, DC. Dr. Shaw also specializes in the psycholinguist risk and holds eight patents on psychological content analysis software designed to locate, assess, and monitor disgruntled at-risk employees for insider activity. He is a professorial lecturer at the Elliot School of International Affairs of George Washington University and a behaviorial consultant at Stroz Friedberg Incorporated, an international corporate investigations and computer forensic fraud firm.

Dr. Harley Stock is a managing partner with the Incident Management Group (IMG). Dr. Stock's specialty is high risk threat assessment in the workplace. Dr. Stock and his group have developed a comprehensive violence prevention program using forensic psychology, linguistic analysis, protective security and deployment of innovative labor and legal strategies to resolve individual cases and executive preventive programs. IMG threat management services are routinely used by Fortune 500 companies and the U.S. government. Dr. Stock guides clients through the intricacies of case handling and presents decision makers with security and psychological assessment strategies and a range of practical management options. He is one of 250 board certified forensic psychologists in the U.S.

Resources

--  Executive Summary: Behavioral Risk Indicators of Malicious Insider
    Theft of Intellectual Property: Misreading the Writing on the Wall
    (PDF)
--  White Paper: Behavioral Risk Indicators of Malicious Insider Theft of
    Intellectual Property: Misreading the Writing on the Wall (PDF)
--  Webcast "The Psychology of Insider Theft: What Pushes Employees to
    Steal?" Registration, December 12th
--  Blog Post: Insider Data Theft: When Good Employees Go Bad
--  Infographic: Can you spot a malicious insider?
--  Podcast: Psychology of Insider Theft

Connect with Symantec

--  Follow Symantec on Twitter
--  Join Symantec on Facebook
--  Subscribe to Symantec News RSS Feed
--  View Symantec's SlideShare Channel
--  Visit Symantec Connect Business Community

About Symantec Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available at www.symantec.com.

NOTE TO EDITORS: If you would like additional information on Symantec Corporation and its products, please visit the Symantec News Room at http://www.symantec.com/news. All prices noted are in U.S. dollars and are valid only in the United States.

Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

FORWARD-LOOKING STATEMENTS: Any forward-looking indication of plans for products is preliminary and all future release dates are tentative and are subject to change. Any future release of the product or planned modifications to product capability, functionality, or feature are subject to ongoing evaluation by Symantec, and may or may not be implemented and should not be considered firm commitments by Symantec and should not be relied upon in making purchasing decisions.

Technorati Tags Symantec, data loss prevention, encryption, security

CONTACT:
Cassie Stevenson
Symantec Corp.
+1 (415) 533-2720
cassie_stevenson@symantec.com

Emily Butler
Connect Public Relations
+1 (801) 373-7888
emilyb@connectpr.com

SOURCE: Symantec Corporation

mailto:cassie_stevenson@symantec.com
mailto:emilyb@connectpr.com