An Analysis of Technical Observations in Insider Theft of Intellectual Property Cases

Since 2001, the Insider Threat team at the Software Engineering Institute's CERT program has built an extensive library and comprehensive database containing more than 550 cases of insider crimes. More than 80 of those crimes involved theft of an organization's intellectual property by a malicious insider. These crimes can be particularly damaging to an organization because it is often difficult or impossible to recover from a loss of confidentiality. This report provides an overview of techniques employed by malicious insiders to steal intellectual property, including the types of assets targeted and the methods used to remove the information from a victim organization's control. The report closes with a brief discussion of mitigating factors and strategic items that an organization should consider when defending against insider attacks on intellectual property.