Extrusion: The story of 'trusted' digital insider theft

Computerworld - "The risk of cyber attacks continues to be high. Even organizations that have deployed a wide range of security technologies fall victim to significant losses. ... The percentage of incidents that are reported to law enforcement agencies remains low ... Attackers may reasonably infer that the odds against their being caught and prosecuted remain strongly in their favor." -- Computer Security Institute/FBI 2003 Computer Crime and Security Survey

In the hit parade of security technology buzzwords, antivirus and intrusion-detection systems are in the top five. After all, there are a lot of bad guys out there writing worms and trying to break in.
Stop for a second and ask yourself a question.
Is intrusion your key threat just because that's what the IT vendors are selling?
You know the joke about the cement factory in Poland. Every day, a worker leaves the factory at closing time with a wheelbarrow of sand. After a month of this, the guard finally says to the worker, "I know you're stealing something; I just can't figure out what the heck it is." The worker replies, "I'm stealing wheelbarrows." That's extrusion: unauthorized transfer of your assets in broad daylight.
The sources of insider theft
Let's examine the sources of digital asset extrusion: trusted insiders, human error and criminals. Trusted insiders are your employees, your suppliers and your customers. Employees may be the software development group that was axed or the sales representative who skims credit card transactions. Suppliers may be the courier who flirts with the receptionist or the night security guard who copies sensitive documents.
Outsourcing contractors are also threats. In the quest for operational efficiency, our industry outsources IT functions, but oddly, some banks and insurance companies outsource their information security functions even though their business is the most information-intensive industry on the planet.
What about human error? One extra click in Outlook, and a casual friend is on the distribution list together with the board members in the middle of due diligence.
Customers may not be direct threats, but many business-to-consumer Web sites are vulnerable to credit card theft by organized crime. Tens of thousands of stolen credit card numbers are offered for sale each week on the Web. This black market e-business, where credit card prices fluctuate with supply and demand, costs the financial system more than $1 billion a year and shows how easily personal information is being stolen and traded.
People do it because of anger and greed. Emotions are a powerful motivator, and anger at being terminated will