McAfee filed a lawsuit against three former staff members over an alleged conspiracy to steal trade secrets for the benefit of its new employer, rival firm Tanium.
As reported by CyberScoop, the court case, filed with the Eastern District Court of Texas, states that Jennifer Kinney, Alan Coe and Percy Tejeda, highly positioned sales personnel who knew the recipe for McAfee’s “secret sauce” in tactics of Sale and Business Strategy, allegedly conspired to steal confidential information.
The motivations of an internal threat of this type vary, from financial gains, sometimes revenge or even political alliances. For the alleged McAfee internal threat incident, the employees in question may have been motivated to gain a competitive advantage for their new employer.
Industries such as cybersecurity are highly competitive and equally lucrative, so there are significant incentives for both people and companies to filter and share confidential data.
Internal threats can be anyone and anyone who works with confidential data: former McAfee employees had sales support and were almost not considered privileged users.However, they regularly dealt with critical sales agreements and private confidential information. Organizations must recognize that their “secret sauce” includes their sales, pricing and marketing strategies, not just their manufacturing designs and software code.McAfee viewed the information allegedly stolen as part of its intellectual property.
The McAfee incident clearly points to the need for a better internal threat management approach.
In this case, it is an incident involving several GRI vectors (Insider Risk Group) that could have been monitored, job dissatisfaction, loss of salary effectiveness or disengagement would have allowed to establish a risk mitigation strategy and have avoided a harmful event for both, company and employees.
What has your team done to detect warning signs and investigate internal threats?
More information on prevention and mitigation of the internal threat?