If you ask people about cybersecurity, they will probably start talking about hackers breaking into a company’s computers from hundreds of miles away. However, a threat just as destructive could be hiding inside that company’s offices.
These insider threats typically fall into two groups. The first group consists of careless employees who fail to properly secure their computers. The second group includes malicious workers with insider access. These people either steal information from within an organization or allow cybercriminals to access their company’s networks.
According to the 2015 Vormetric Insider Threat Report, the vast majority of U.S. corporations are at risk of an insider attack. Almost 60 percent of the survey’s respondents said that privileged users are the biggest threats to their companies.
These threats are not limited to the United States, as AT&T discovered. Employees at the company’s call centers in Mexico, Colombia, and the Philippines stole the data of around 280,000 customers. The thieves intended to use this information as part of a scheme to unlock stolen cellphones.
Recognizing Insider Threats
After studying cases of insider threats, fraud, and embezzlement, criminologist Donald Cressey developed the Fraud Triangle theory. He claimed that these types of crimes occur when three elements are present.
First, the criminal must feel pressure to commit the crime, either out of greed or desperation. For example, an employee who is in sudden need of a large amount of money might be tempted to participate in an insider attack. The inability to pay for a substantial medical bill is often cited as a popular example of this situation.
The other two elements in the Fraud Triangle are opportunity and rationalization. To commit the crimes, the perpetrators must have the ability to do so. However, they must also convince themselves that their actions are acceptable. This rationalization twists the event in such a way that they do not consider it a crime. Instead, they usually convince themselves that they are just borrowing the money or that the company deserves the attack because it is corrupt.
To identify these elements of an insider threat, organizations need to pay attention to their employees’ actions, character traits, and personal circumstances. To this end, the U.S. Computer Emergency Readiness Team (US-CERT) — a division within the U.S. Department of Homeland Security — published the Combating the Insider Threat report. It lists character traits of insiders who are at risk of becoming a threat. The traits include:
- A sense of entitlement
- A lack of empathy
- An inability to assume responsibility for their actions
- A weak sense of loyalty toward the company
- An inability to accept or tolerate criticism
While displaying a couple of these traits is fine, anyone who exhibits many of them should be flagged as a possible risk.
There are also behavioral signs that can point to an insider threat. If staff members work at odd hours without authorization, remotely access the company’s network while on vacation, or unnecessarily copy documents, they may be preparing for or participating in an insider attack.
Defending against Insider Threats
Out of the three elements in the Fraud Triangle, companies have the most control over opportunity. By following the principle of least privilege (i.e., limiting employees’ access to the minimal level that will allow them to perform their job duties) and using access control tools, organizations can more effectively prevent incidents involving insider threats, according to theInsider Threat Study.
As part of these efforts, you should record when employees access the company’s network and how many files they typically handle. This will help you discover when staff members are, for example, printing files in their off-hours or saving a substantial amount of files to a USB drive. Similarly, managers should set up a schedule for reviewing employees’ network access levels.
You can address the rationalization and pressure elements of the Fraud Triangle by regularly interacting with your employees. Set up feedback forms and anonymous surveys so that they can express their frustrations constructively. For this strategy to work, you have to tackle these complaints in an open and honest manner. Companies can also improve workplace morale by instituting a program that recognizes and praises outstanding employees. A warm attitude toward staff members makes it less likely that one of them will attack the company out of spite or anger.
Since insider threats sometimes stem from carelessness or a lack of understanding, it is also important to educate employees about cybersecurity. You need to develop an IT training program that will teach your staff members about how to use their computers in a secure manner.