BreachExchange mailing list archives

Employees or hackers: who poses the biggest threat to your IP?


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Wed, 22 Apr 2015 19:17:25 -0600

http://www.information-age.com/technology/security/123459364/employees-or-hackers-who-poses-biggest-threat-your-ip

With breakthroughs in areas as diverse as agricultural drones, brain
mapping and agile robots in 2014 alone, intellectual property has never
been so invaluable.

Companies in the IT and technology sectors rigorously protect against
external threats to their ideas, such as those posed by hacking and data
loss. They even litigate to ensure they are compensated for copyright
breaches.

But is the same level of attention paid to internal issues? In a recent
survey by HireRight of senior leaders in the UK’s largest IT and technology
companies, eight in ten (83%) said their company is at greater risk from
external threats than internal ones – such as poor leadership or hiring
people who have the intent of stealing IP.

If the right processes and people are not in place, the risks are just as
great from either. As well as potentially losing ideas to competitors, by
hiring the wrong people businesses risk overall business success, their
reputation and opening themselves up to fraud.

So where and why are companies going wrong when protecting themselves from
internal issues – in particular ensuring they are hiring people with the
best intentions and track record?

In more than a quarter (29%) of IT and technology firms, it is possible
that there are people on the board who have never in their entire career
had their qualifications, experience or criminal record checked. In many
(50%), it is simply presumed that someone applying for a leadership
position can be trusted and that their application and interview are
entirely accurate.

However, this is not always the case – the research shows that in over half
(53%) of IT and technology companies, screening has exposed a leadership
lie – the highest of any sector.

Damage to the reputation of the business is viewed as the biggest issue of
not having the right leaders, followed by leadership that negatively
affects business performance. It can also lead to poor processes being put
in place to protect against IP theft.

If it can result in so many issues, why aren’t leaders being checked more
consistently? One problem is that during mergers and acquisitions – which
are frequent in the sector – often two boards come together who have
different minimum requirements or values.

Organisations in this sector are least likely to screen senior leaders
during a merger (70% compared to a 49% average). Perhaps it is inevitable
then that in as many as one third (30%) of organisations who have been
through a merger, there is a potential scandal lurking.

In addition, the research suggests that many in the industry trust in an
individual’s reputation and contacts when hiring. More than three-quarters
(76%) said they rely on personal recommendations to inform recruitment
decisions. It’s who you know, it seems, rather than what you know.

The issue is not just with leadership. HireRight’s Quarterly Candidate
Health Check takes the pulse of how truthful UK jobseekers are currently at
all levels. The latest data shows that over half (56%) of successful
applications contain errors. More than a third (35%) of HR directors
admitted that people have been hired who would not have been if proper
background screening had been conducted. People at any level are capable of
embellishing the truth, either because they need to secure a job or because
they intend to cause harm.

How can IT leaders ensure they prevent this? They must ensure that they
have a clear process in place for carrying out due diligence on candidates,
as appropriate to the level of risk posed by their position. This needs to
be understood and followed by all so that the best people are recruited
with the right intentions and discussions take place during mergers that
lessen the chances of a scandal emerging at a later date.

In the wake of a number of high-profile reputational scandals, such as at
the Cooperative Bank, the business world is starting to realise the
importance of ensuring that everyone in a company has the skills and
experience they say they do.

In fact, reputational risk is rising up the boardroom agenda in more than
half (59%) of IT and technology companies. With IP battles only likely to
intensify, changes can’t come soon enough.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
