The role of forensic investigation in cases of suspected data theft
While it is critical for companies to take safeguards against external threats, such as hackers, trojans, phishing emails, and ransomware, one key risk that is sometimes overlooked is insider threats, most notably the theft of sensitive information by employees—particularly departing ones.
A survey conducted by Haytax, a company specializing in data security, revealed that employees and contractors are the main causes of data breaches. Meanwhile, according to Ponemo, insider threats have increased in both frequency and cost over the past two years, with malicious insiders causing 26% of the incidents.
Malicious insiders and the data they steal
Malicious insiders are employees or authorized individuals who abuse their access for harmful, unethical or illegal activities, including stealing information that is valuable and confidential to companies.
What constitutes valuable for a given business and the reasons someone would want to steal it might vary widely depending on the nature of the business and the sector in which it operates. However, one of the most important and recognizable assets of any business is its intellectual property (IP), which includes things like marketing strategy, technology, a pitch deck, client list, a company’s logo, and anything that provides companies with a competitive edge in its market.
IP theft often goes undetected until the relevant information is used by unauthorized—often competing—parties. This is what happens in a lot of IP theft cases.
For instance, a former key person of a company was strongly suspected of stealing the company’s IP before quitting and using it to benefit a competitor—a new player in the industry, who then hired him. Initial allegations emerged after the company suspected a competitor’s technology that was very similar to their own.
After investigating more deeply about the competitor and the technology they carried, the company found out that their former employee had been hired by the competitor.
This former employee was the one who knew the ins and outs of every project the company handled. The IP he allegedly stole was strategic data required by the perpetrator to carry out his day-to-day job. It is clear that the perpetrator had broad and free access to the data.
As a result, the competitor was able to imitate the company’s products and technology to gain an edge over their competition.
While not all departing employees bring data with them, according to the Annual Data Exposure Report 2022 by Code42, there is a one in three (37%) chance of a company losing its IP when an employee quits.
The role of a forensic expert
One good lesson that should be noted from the case is that the company responded swiftly to defend its interest once the suspected data theft occurred by having a forensic expert look at the case and preserve any evidence.
Evidence is critical in exposing and proving data theft. In this regard, a company can gather evidence from the device used by a former employee who is suspected of committing fraud. This device stores a history of the employee’s behaviors and activities, such as dates he logged in, how many times a file was printed, when his private USB drive accessed the device, and even cloud-based documents that he accessed—basically digital trails that can pose as chronological evidence to shed light on the theft case and file a lawsuit.
It is crucial to comprehend that digital evidence is volatile since it is vulnerable to change. Given this, courts will only accept evidence if it is treated in accordance with appropriate forensic standards.
However, it is to be noted that any preservation attempt may accidentally compromise the data’s integrity, leaving the door open for this to be disputed in court. Therefore, relying on an in-house IT department is not a feasible choice, since they lack the requisite equipment, certifications, and skills to gather data forensically or undertake a computer forensic analysis.
Digital forensics should only be done by experienced and trained professionals. These trained professionals are also certified, proving their competence.
Our team at Integrity Asia is trained, skilled, and well-equipped to undertake digital forensics as part of a fraud investigation. Our team assists clients in a variety of sectors with digital forensics investigations. All evidence acquired throughout the investigation is recorded in a forensic report that can be used in court. Contact us for digital forensics services today.
Image by Freepik