Revenge is one reason employees misuse and abuse systems, as was the case when Kenneth Patterson, former data communications manager for American Eagle Outfitters, disabled his company's ability to process credit card purchases for the first five days of the holiday shopping season in 2002. But the most common motivator behind the inside job is a sense of entitlement, experts say.

"The threat from inside is not just disgruntled employees wanting to get even," C&W's Neal says. "Businesses have always had what you could call shrinkage. Employees rationalize stealing pencils, paper clips and bottles of Coke. But with digital assets stored in computers, this process becomes more impersonal, repeatable - and scalable. Now you can steal a case of pencils instead of a box of pencils, metaphorically speaking."

So strong is this feeling of entitlement that employee theft of data makes up about 75% of the cases investigated by Anton Litchfield, director of forensics consulting services for NTI, an electronic evidence discovery firm.

For example, last summer a vice president of sales for a stock analysis firm quit to go to a competitor. But before she left, she copied the customer database to take with her.

Suspicions were raised when one of her co-workers told his network manager that he'd seen a Windows dialog box copying large files to a folder on her home computer the week before she left - while nobody was at her desk. She'd accessed her office computer from her home computer using GoToMyPC.

PATTERNS OF BEHAVIOUR Profile 3: INTERNAL ATTACK • Create network accounts for themselves and their friends. • Access accounts and applications they wouldn’t normally use for their daily jobs. • E-mail former and prospective employers. • Conduct furtive instant-messaging chats. • Visit Web sites that cater to disgruntled employees, such as f’dcompany.com. • Perform large downloads and file copying. • Access the network during off-hours. COUNTER MEASURES • Enforce least privilege, only allowing access to the resources employees need to do their job. • Set logs to see what users access and what commands they’re putting in. • Protect those resources that are most important with strong authentication. • If you see someone accessing something they shouldn’t, have that person’s manager discuss it with the employee to deter future bad behavior. • Upon termination, delete all computer and network access. • When employees leave the company, make a mirror image of their hard drive before reissuing it. That evidence might be needed if your company information turns up at a competitor.

Click to see:

That's when the network manager contacted NTI.

Whitepapers

• Advancing the Economics of Networking
• Enterprise Data Center Network Reference Architecture
• Implementing HA at the Enterprise Data Center Edge to Connect to a Large Number of Branch Offices
• File Integrity Monitoring: Secure Your Virtual and Physical IT Environments
• Boost Productivity While Cutting Costs with Next-generation Collaboration
• Deploying Virtualized NetWare on Linux Whitepaper

View more SECURITY whitepapers

Webcasts

• PoE Plus: Impact on the PoE Market
• Creating a high performance workplace with wireless networking
• Harnessing the power of communications to increase workplace performance
• Making data centers the IT strategic focus
• Protecting assets and employees with IP Video Surveillance
• Stay out of the headlines: Detecting and preventing network intrusions

View more SECURITY webcasts

Special Reports

• The Evolution of Network Security
• IP address management in 2008 - six things to know
• The self-managed network

View more SECURITY special reports