"I did two things. I took that information, went to his personnel folder, said 'who is this person and who does he associate with that may be interested in this intellectual property that he transferred?'"
As Lowry went through his file, he discovered the person's CV, passport photo, and a picture of him in a foreign military uniform.
That's when alarm bells started going off and the organisation he was working for wasn't aware that a foreign military officer was posing as an employee.
"We took that information and asked who else he was communicating with. By doing a sleuthful trail we were able to identify several compatriots who were doing the exact same thing he was doing.
"Because we were able to pinpoint the activities the led us to the other individuals we could identify them and prevent them from doing something wrong," he said.
Lowry warned that cyber attacks initiated by insiders are one of the greatest but rarely mentioned threats to Australian organisations and governments. He said the majority of data breaches are not caused by hackers but internal factors such as malicious insiders, loss or theft of devices or errors by IT and security administrators are to blame.
He quoted the US State of Cybercrime Survey, which suggests that one-third of cybercrime incidents involve insiders. Further, it found that 50 per cent of organisations say insider breaches are more damaging than external breaches.
Lowry is meeting Australian government security, intelligence and business representatives this week to discuss insider threats in his role as VP, business threat and intelligent analysis at Australian tech firm, Nuix.
Sign up for CIO Asia eNewsletters.