In a similar incident, a Unix systems administrator at Medco Health Solutions who was concerned about being laid off, planted a logic bomb on an internal system that, had it gone off, would have deleted data on 70 servers.
While both incidents involved technically savvy insiders, similar threats can come from non-IT staff as well. In November 2006, a scientist working at DuPont admitted to stealing corporate data valued at around $400 million shortly before he left the company to work at a rival.
The key to being prepared for such threats is knowing what warning signs to look and how to respond to them, said Matt Doherty, a senior vice president at Hillard Heintze, a security consultancy.
One example of a red flag might be an employee who suddenly starts working after hours, stays late for no obvious reason or keeps asking for overtime to make ends meet. Similarly, someone trying to get access to systems and information that they really have no need for could be another sign that something is amiss, he said. Or it could be an employee who prints out large volumes of data after hours, or e-mails it to himself.
As important as such markers are, it is equally important to know what's going on in terms of employee behavior and morale, Doherty said. Supervisors need to be trained to spot employees in distress or those who could pose a security problem in the future, he said. Companies also need to educate employees about the importance of paying attention to signs of frustration among their co-workers and to have a centralized structure in place for reporting such behavior, he said.
"It's critical for a supervisor to be aware of the employees, who they are and what's going on in their lives. It's really about keeping a finger on the pulse," he said.
It's also important to know that the stress can come from outside the work environment, Kirkpatrick said. An employee, for instance, could be experiencing financial problems or may have lost a home to foreclosure because of an inability to meet the mortgage payments.
Identifying and defusing a potential situation takes a coordinated effort, Kirkpatrick said. It's best for companies to set up a cross-functional team composed of members from the human resources, IT, corporate security, legal and operations departments to deal with potential risks from insiders, Kirkpatrick said. It's important to ensure that information received about a potential problem is quickly acted upon. But companies need to make sure that any action they take does not violate the employee's basic rights, she said.