Preventing Insider Threats at Manufacturing Facilities
July 15, 2020
How to Protect Assets, Intellectual property, and Operations
By Oscar Villanueva
Managing Director of Security Services at R3 Continuum
Manufacturing facilities pose an attractive target for those seeking to commit criminal attacks against a company including sabotage, fraud, and theft of materials and/or intellectual property. Anything of value at a manufacturing facility is at risk, and corporate complacency in having robust security countermeasures exacerbates the risk. Adding to this risk is the reality that these criminal attacks are often perpetrated by insiders.
Examples of insider threats and incidents include:
- In June 2020, a court in Taiwan found three Chinese engineers guilty of stealing intellectual property from Micron Technology, a US company. The three engineers were sentenced to 4.5 to 6.5 years in prison and must pay large fines. You can read more about this case here.
- In February 2020, Joseph Kukta, a senior manager at the Seaford, Delaware FedEx facility pled guilty for stealing parcels shipped through the company and reselling them. He is facing up to 15 years in prison. Kukta’s alleged criminal activity went on for over 10 years from 2007 to 2019. You can read more about this incident here.
- This August 2019 Fox11 News story in Wisconsin reported on the arrest of Derrick Cherney for the alleged theft of 106,061 pounds of aluminum coil worth an estimated $200,000 from his employer, Manitowoc Tool & Manufacturing in Manitowoc County, Wisconsin. Cherney was responsible for managing raw material at the manufacturing site and coordinated delivery to various facilities.
What you need to know
While most employees, contractors, vendors, and visitors are honest and trustworthy, there will always be some willing to engage in illegal activity, and insider security vulnerabilities should be taken seriously. The most effective way to safeguard against this risk is to create an effective insider threat program to detect, prevent, mitigate, report, and resolve threats involving company insiders. Leadership support for this kind of initiative is essential to ensure the viability, effectiveness, and longevity of the program. The first steps to stand up an insider threat program include:
- Identifying vulnerable assets. These could include intellectual property, proprietary manufacturing practices, precious metals, essential IT information and procedures, and other valuable items.
- Ensuring buy-in from corporate leadership
- Identifying who will own and manage the program
- Obtaining the resources necessary to implement and run the program
The actual program should include at a minimum:
- Policies and procedures – what the program covers, how it will be implemented and maintained, who will run it, and what will happen if incidents occur.
- Training – awareness for all employees and specific training for management and those running the program.
- Reporting methods – how issues will be reported and to whom, and what follow up will be done.
- Testing capabilities and methods – how the program will incorporate testing program components.
- Built in alerts – how will program administrators and management learn if there is a violation.
- Employee and stakeholder communication – communication to all employees and stakeholders regarding the program.
Insider threats pose a real and present danger. Creating and implementing an insider threat program can help mitigate this risk.
Ensure the physical and psychological safety and security of your organization. Talk to us.