Most data theft occurs by insiders. These are the people who would usually be considered very trustworthy but some incident or life change occurs that motivates them to commit a crime. An evaluation of cases of insider theft has provided statistics useful in identifying the types of employees who are most likely to threaten information security. Surprisingly, it’s not the underpaid computer guru working in the server room. According to data from the Software Engineering Institute at Carnegie Mellon University, information theft is more likely to occur with those who serve in a managerial capacity in a non-technical role. These individuals are usually between the ages of 26 and 40 and they are more likely to steal business data than Personally Identifiable Information (PII).
Equally important is that very few data thefts were discovered by the use of technology. Rather, security awareness and incident response played a greater role in the detection of these crimes. Unfortunately, these competencies are neglected in many businesses. The majority of cases were detected by employees who reported suspicious or unusual activity, customers who complained or by auditors.
So I have to ask; Do your employees know how to recognize suspicious activity? Would they know who to contact? Can they do so anonymously? Lastly, does your company have an action plan for handling data theft incidents?