Tech employees sending out trade secrets to competitors. Government workers e-mailing hate mail and pornography. Private financial and health information routinely sent out over the Web unencrypted and unprotected.
These are but a few of the startling assertions in the new book, The Insider: A True Story Reveals the Threat to Intellectual Property From High-Tech Industry Insiders.
“Identity theft is a hot buzz phrase and a real concern, but after writing this book I came to the conclusion the actual theft of identity is a symptom of a much worse cancer growing inside organizations,” said author Dan Verton in an interview with internetnews.com. “The mishandling of information on the inside is enabling identity theft to happen.”
Verton said most of the cases of abuse involved employees unwittingly sending sensitive, private and proprietary information unprotected over the Internet, typically using Web e-mail services like Hotmail or Gmail. The next worm or virus, he said, starts by harvesting these e-mails.
But intentional abuses also are a huge problem. Former Attorney General John Ashcroft estimated in October that intellectual property theft costs U.S. companies about $250 billion a year.
Silicon Valley-based Reconnex assisted Verton in his research. The company’s iGuard Content Analyzer functions as a high-speed enterprise security appliance designed to monitor all information flowing over an organization’s network. The system registers all sensitive or proprietary data created in any type of electronic format, such as images, text-based files or database records.
It provides real-time alerts on exact matches of content registered by the Reconnex iController. For example, the system can look for specific keywords in any electronic communication sent on a company’s network, or it can look for number formats that resemble credit card or Social Security numbers.
“We have the most comprehensive database in terms of what is leaking from companies and governmental agencies,” said Don Massaro, founder and CEO of Reconnex. “Up to now what’s been available have been estimates based on surveys. We have the first hard data.”
As part of its sales pitch to large companies and government agencies, Reconnex conducts a 48-hour risk assessment in which it attaches the iGuard to a company’s network and gathers data at 1 gigabyte per second onto a petabyte storage device.
The company allowed Verton to view abstracts of the results at over 50 sites at the same time they were presented to the potential customers (companies and government agencies). “There wasn’t one assessment where someone didn’t lose their job after the data was presented,” said Verton.
Verton, a former Marine intelligence officer, doesn’t name names as part of his confidentiality agreement with Reconnex, which is also helping to market the book. Yet some of the examples leave little to the imagination.
In one case, he described a company as “one of the largest technology developers in the country whose products everyone uses.” The results of the 48-hour assessment showed that this company had 50 different employees all looking for a job, and one of these sent out proprietary documents on a new product to a direct competitor.