A common misapprehension regarding cybercrime is that the attackers are mostly from outside the organisation. However, recent research has shown that the threat of malicious insider activity is worryingly prevalent. The exact nature of the threat, and the consequent commercial losses through loss of data and intellectual property, may never be exactly quantified, but the research quoted by Forcepoint (www.InfoSecurity blog post March 2017) shows a disturbing tendency: a significant number of employees are willing to act against their organisation. A study conducted by IBM in 2015 estimated that over 60% of cyber security attacks were carried out by those who had insider access to organisational systems. The insider problem is complex because it is carried out by employees who have legitimate access to data, and hence their actions can be difficult to prevent.
What is interesting about the quoted research, on Unintentional Insider Risk in United States and German Organisations by the Ponemon Institute, is the attitude of some employees, who use company data carelessly or even unjustifiably treat it as their own, either during or post-employment. If such actions are unintentional or carried out without intent to harm their organisation, then awareness programmes can somewhat address such attitudes.
However, as the Forcepoint blog has shown, a proportion of the sample shows little reticence to act dishonestly by disclosing company secrets. Awareness training or legal deterrents will not help against such mind-sets. Neither will any technological measures, which mostly deal with stopping outside attackers from accessing the data vaults of an organisation. Additionally, any internal behaviour monitoring of IT use only serves to indicate on-going legitimate access to data, and is not necessarily either preventative or a deterrent.
For an employee to act in a dishonest manner, there is a level of motivation required that breaches acceptable norms of honesty that an employer has a right to expect from the employee. Along the pathway of dishonesty, individuals justify a dishonest intention by either convincing themselves that the subsequent action is acceptable or even perhaps a right. Hence technological means alone cannot help to prevent malicious insider activity, which essentially involves human characteristics, intentions and motivations.
Thus, an additional approach to preventing insider activity can be through monitoring of ‘Red Flag’ behaviours as they progressively develop in the employee. Case study analysis of employees who have leaked sensitive data or state secrets held by intelligence organisations in the United States has commonly revealed a systematic progression along the pathway of dishonesty, from inherent characteristics, through intent and motivations, and finally to the deceptive action.
Unacceptable inherent traits can mostly be identified through rigorous pre-employment processes and vetting. However, an insider is effectively someone who has passed these tests, and certain factors during employment will drive the employee to becoming a malicious insider threat as any latent negative traits surface. These are invariably demonstrated by a change in employee behaviour, and those changes that are worrying become ‘Red Flags’, indicating that the employee is under such a degree of stress that it might lead to uncharacteristic actions such as sabotage, theft of data or unauthorised disclosures.
Identification of these unusual behaviours, through appropriate training, before they become ‘Red Flags’ can allow for timely and supportive supervisory or HR interventions, which may help prevent the employee from developing the intentions and motivations required to act dishonestly.
Now more than ever, cyber security is the top priority of individuals, businesses, and governments alike. Former Cisco CEO John Chambers has been famously quoted as saying that:
“There are two types of companies: those that have been hacked, and those who don’t know they have been hacked.”
And as laws such as HIPAA in New York, GDPR laws in Europe and new Data Protection in Australia are being passed around the world, we will see the need to address this new battleground, the insider threat that goes beyond technology, grow exponentially.
Harrman Cyber would love to have your input in this area: Please participate in a quick survey at: https://www.surveymonkey.com/r/CPSHarrmanCyber
About the Author: Hanif Majothi, MA (Intelligence & Security Studies). With a full career in the British Army and the Metropolitan Police Special Branch in London, he has extensive operational experience in the national security and intelligence field. While researching for his PhD at Brunel University, he has helped to develop and deliver academic Intelligence courses for undergraduates and a ‘Counterintelligence and Security’ module for a Masters course.