Companies Ill-Prepared to fend off insider threats.

• Author: Magnuson, Stew

* Bradley Manning and Edward Snowden. The two names, and their actions, have sent reverberations through the defense and intelligence communities.

Government agencies have had to contend with so-called "insider threats" from the beginning of their existences. Espionage is not new.

But the two high-profile cases are putting a spotlight on insider threats in the private sector, particularly companies that do business with the Defense Department, intelligence agencies and other government organizations.

"It doesn't happen very often, but when it does, it is very ugly. It has taken companies down," said Douglas Thomas, head of corporate counterintelligence at Lockheed Martin Corp.

"If you have a person with unfettered access, who is motivated to do harm and is handled by a sophisticated intelligence service, the amount of damage that one person can do is unbelievable. Just look at Snowden," he said at an Intelligence and National Security Association (INSA) panel in Washington, D.C.

Snowden, a Booz Allen Hamilton contractor working for the National Security Agency, has admitted handing over classified secrets to a London newspaper. Manning, an Army specialist, was convicted of passing large files of data to the anti-secrecy organization WikiLeaks.

Whether the two men are considered spies or whistleblowers is beside the point, panelists said. Such actions can do serious damage to companies as well.

Dawn Cappelli, director of insider risk management at Rockwell Automation, and the leader of an INSA task force that produced a report on these threats, said there are several categories of those who may harm a company.

There are, of course, those spying for a foreign government. There are disgruntled workers looking to commit an act of sabotage. Some might abscond with company trade secrets, strategic plans or other confidential information as they leave for another job. Others may simply be out for financial gain, and embezzle money or commit fraud, she said.

The recent high profile incidents show that "no one is immune, and it should really be a heads up that in the private sector we need to pay attention and follow the example of the federal government because anyone can be a victim," she said.

The report, "A Preliminary Examination of Insider Threat Programs in the U.S. Private Sector," surveyed 13 companies on their practices. The reason why there were so few participants was because many companies the task force approached had no insider threat...