54% of data breaches arise from insider threats, according to the Information Security Forum. As employees climb the ladder of authority within your organization, so does their access to information and company secrets increase. Sadly, all it takes is a little motivation from the outside world for an employee to go rogue.
The more access that an employee has to your valued data, the more dangerous they can be to business continuity. Which begs the question: what warrants insider threats? Can you use psychology to spot it from miles away and stop it on its tracks?
Here is why employees engage in insider cyber-attacks and how to prevent this from affecting your organization:
The fraud triangle
Insiders have the upper hand when compared to hackers in that they know how to circumvent security protocols including knowing how to crack your firewall as well as bypassing the free server monitoring software undetected.
For them to choose to walk the insider path, however, three things must happen – commonly known as the Fraud Triangle. First, an employee has to go through external pressure that forces them to start wondering about committing an insider crime.
This can be anything from the lack of funds to the mistreatment by their boss. Next, an opportunity must present itself. In most cases, the opportunity comes in terms of the privileged access that they have. Lastly, they must try to rationalize their next move.
For instance, an employee might say that they are proceeding with the crime as a form of justice for mistreatment. In other cases, they may simply say that they will correct their mistakes before anyone can even notice.
The insider creates a personal bubble
As a defense mechanism for the act that they would love to do, a malicious employee will typically surround themselves with a personal bubble. Under this bubble, every step that they take to get to their end goal is considered acceptable. They try to distance themselves from the entire workforce to avoid having their goals deterred.
For them, monetary, social or even health problems can all be solved by that one mere act of data theft. Recruiting third party members also becomes easier once the personal bubble is formed. The insider might find it easy to change the mindset of other employees who seem to be sailing in the same boat as them.
Insider acts are often part of a plan
Seldom will insider attacks be done out of impulse. In most cases, you might find that employees with no previous criminal records are involved in the crime. Before they form the personal bubble and proceed to commit the crime, it takes weeks of internal monologues to get their mindset right.
They then start committing to a certain plan with different laid down steps to avoid being caught. They will typically have to study the security protocols that you have in place and look for ways to erase the evidence of data exfiltration. While it might be tough to identify their digital evidence trail, their behavior might be their number one weakness.
Insiders tend to act out
In most cases, an insider might start to distance himself from the rest of the team. Some may even show a change in attitude to one of a vengeful and frustrated employee. You will typically notice them ignoring common security policies or trying to access things that they aren’t supposed to access.
To stop insiders in their tracks, you need to assess behaviour changes through some threat indicators such as disregard for rules, job performance issues, and policy violations. For instance, a software developer with the intent to steal software code will typically drop in performance and remain in the office until the late hours of the night.
Conclusion
The psychology of insiders will differ with their motivation. But changes in behaviour should warrant an investigation. Keep tabs on the behaviour and performance of employees to prevent insider data theft.