I first came across the Intellectual Property (IP) theft and insider risk phenomena while reading “Jurassic Park.” As we all know, things go south when a disgruntled employee tries to steal the dinosaur embryos to sell them to a rival. The theft of trade secrets and IP is not a new phenomenon. However, it is now a firm and worrying part of cyber warfare, alongside the theft of critical organizational data. As per the FBI, the annual loss for the US alone is $225–$600 billion. Compared to a data breach, IP theft is the deadlier menace. While a breach may leave the company with embarrassment and/or fines, IP theft can be fatal for an organization. The situation is especially troublesome for startups.
The issue has caught fire again after the US decided to indict a Chinese national on various charges, including IP theft. This is just one of many alleged IP thefts and attempted thefts. What is more curious this time is that Linwei Ding, the engineer who allegedly stole the data, had also started his own company, had been interviewed for the post of CTO by another Chinese company, and had affiliated himself (in secret, of course) with two other companies in the PRC (mainland China).
Companies usually deploy multiple types of software to combat such threats. Today, organizational SecOps does not rely on a single piece of software; it usually combines multiple tools to validate personnel before allowing them access to critical data. HR software performs background checks on the candidate. An Insider Risk Management (IRM) solution is deployed to give users just the right amount of access to confidential data. Companies also use a zero-trust model that requires the user to authenticate before accessing anything inside the company’s network perimeter. So we need to ask: what happened? How did multiple systems in a Fortune 100 company fail to detect this critical data exfiltration? The indictment states that Ding bypassed Google’s security controls by copying the data, which included the building blocks of its AI technology, into the Apple Notes application on his Google-issued MacBook laptop. He then converted the Apple Notes into PDF files and uploaded them from the Google network into a separate account. In addition, he got someone else to swipe his ID badge to mask a trip back home. Was it a perfect storm, or were there blind spots he was able to exploit? Mind you, this is not the first time the US has accused China of IP theft. While we won’t go into the details, it is serious enough to have its own wiki page.
The main, and most painful, lesson from this latest event is that no system is foolproof, as yet. Human ingenuity has surpassed software capabilities. We don’t know what Alphabet’s policies are on hiring from countries with which the US has many ongoing disputes, but we can be very sure that most corporations use some form of HR technology during recruitment to check a candidate’s background. These challenges will further improve the software, because there is one very glaring similarity between the IT sector and aviation, besides the former being in wide use in the latter: aviation sees major reforms only after undetected flaws in its systems, including its processes, result in incidents. There is another shared angle: human ingenuity (or incompetence) surpassing software capabilities.
Coming back to the question of whether the insider protection software failed here: a solution equipped with DLP, UEBA, and continuous monitoring capabilities may be insufficient if an employee already has legitimate access. Proper HR screening and rigorous background checks are critical, because even the most evolved technical solutions are reactive, detecting the breach only after the act, once the anomaly is noticed. Ultimately, the only constant is the human factor, and we must hold individuals accountable for their actions to truly mitigate evolving insider risks.