In a hunt for professional knowledge, the data loss prevention software company performed a thorough search for data security experts. The professionals were asked to comment on the ongoing debate of whether insider or outsider threats pose a greater risk to corporations.
A leader in the 2016 Magic Quadrant for Data Loss Prevention, Digital Guardian is an American software company that safeguards corporate data. With a team of security industry experts and offices across the globe, the company protects 52 million terabytes of sensitive information daily.
Posted on July 26, the article quoted 47 expert sources with several perspectives on the topic. Most agreed that insider threats present a larger hazard to a company’s security, while others called both equal threats.
As the principal lawyer of Pollard PLLC, a five-lawyer litigation boutique focused on competition law, Pollard was among the sources who considered insider threats to be a greater security risk than outsider threats.
The sources reminded readers that insider threats could come in two forms: malice and carelessness, which Pollard detailed in his comments. He offered insight on how to combat insider threats and what steps to take in the event of a security breach.
“Insiders, hands down. With respect to external threats, you can take certain steps to secure your data and minimize the risk of an external attack (malware, hackers, etc.). You can never be 100% safe but you can have a very high confidence interval. Internal threats are a totally different ballgame. In an organization of any size, the internal threat takes on two dimensions. First, negligence by insiders leading to a data breach. You can combat this to some extent through training and various safeguards. A second and more difficult problem is an insider going rogue. In all of the prior threat scenarios, corporate actors are trying to protect the data but failing for whatever reason (external attack, malware, negligence, etc.). But when an insider goes rogue, the threat is of a fundamentally different nature. For instance, suppose an insider who has access to critical data decides to steal that data and go to an industry rival. On a technical level, it is almost impossible to guard against that threat. You minimize that threat through thoughtful hiring. And if it happens, you immediately go into damage control mode and get an injunction.”
Pollard PLLC has regularly represented clients in data security matters, including trade secret misappropriation, the dishonest acquisition of trade secrets.
Trade secrets gained further protection this year when President Barack Obama signed into law the Defend Trade Secrets Act of 2016, an amendment to the Economic Espionage Act of 1996. The DTSA grants federal protection of trade secrets, allowing companies to sue in federal court for misappropriation occurring on or after May 11, 2016.
The law supplements the state-enacted Uniform Trade Secrets Act that has been adopted by 47 states, including Florida. While most intellectual property has been protected under federal law, trade secrets had only been protected under state law before the DTSA.
According to a 2013 IP Commission report, American trade secret theft losses were at an estimated $300 billion a year.
With trade secret losses posing a great danger to corporations and therefore the economy, providing a federal standard that adopts the EEA’s broad definition of a trade secret grants protection on a wider scale than with state law alone.
According to a 2016 cost of data breach study by IBM, the average total cost of data breach in the U.S. is $7.01 million, a 7 percent increase from the 2015 findings.
In his comments, Pollard revealed two types of insider data breach scenarios: the negligent employee and the malicious insider-gone-rogue. The study showed 23 percent of data breach incidents in the U.S. were caused by negligent employees. Fifty percent of data breach incidents, whether insider or outsider, were conducted maliciously. The study confirmed Pollard’s comments that insider threats have more avenues for damage, thus generating a wider risk.
The average amount of breached records per incident in the U.S. is 29,611, according to the study. Each compromised record cost an average of $221, a new record high.
To offset the damages, the DTSA allows companies to seek compensation on a federal level with not only injunctive and monetary relief, but also with the seizure of property remedy.
While data breach can cost corporations up to millions of dollars, the IBM report found that employee training was a factor that decreased the cost of data breach, as Pollard suggested in his comments.
The same study also revealed that the extensive use of data loss prevention software – provided by companies such as Digital Guardian – reduced the cost of data breach.
Pollard PLLC is a litigation boutique based in Fort Lauderdale, Florida, and focused on competition law. Its attorneys have extensive experience litigating non-compete, trade secret, trademark and antitrust matters. For more information, call 954-332-2380.