Governance & Risk Management
CEO Shares Strategies to Overcome Technical, Cultural Challenges of This Top Threat
Too often when software developers change jobs, they take source code they’ve written with them, feeling the code belongs to them even if it belongs to an employer.
See Also: OnDemand | Understanding Human Behavior: Tackling Retail’s ATO & Fraud Prevention Challenge
Code42 President and CEO Joe Payne says source code theft can be very challenging to detect since the code resides in text files that are often stored in personal GitHub accounts. In addition, software engineers often don’t see source code theft as harmful to the company they’re departing since the engineers are only taking a copy of the code to their new workplace, leaving the original code intact, he says (see: The Biggest Security Threat to Company Data: Your Employees).
“It is a big problem. It’s probably a number one threat to our data today,” Payne says. “It is technically challenging, for sure, and it is culturally challenging. But it’s OK. There are new solutions, there are new attack patterns, and there are new ways for us to deal with this. You just have to educate yourself on them.”
In this video interview with Information Security Media Group, Payne also discusses:
- How to stop laid-off employees from stealing data;
- Why personal email and Dropbox shouldn’t be used for work;
- Emerging threats on the agenda at the Insider Risk Summit.
Payne has more than 20 years of leadership experience in high-growth security and technology companies. With a passion for identifying and solving emerging market needs, he engages personally in product strategy and direction while growing and providing vision and guidance to teams of security executives. Previously, Payne served as CEO of eSecurity, the first SIEM software company. He also served as president of iDefense prior to its acquisition by VeriSign. At iDefense, Payne led white hat security researchers and worked with U.S. financial institutions and government agencies to improve their risk profiles.