The Insider Threat – History is a Circle!

As part of my research for this series, looking at the hows and whys of the cyber security insider threat, I read a paper by Carl Colwill about many of the human factors that lead people to betray a trust and exploit privileged information they have been given access to. One of the sections has the title “The global recession is affecting insider behaviour” and that is what I am going to look at today, as it seems very appropriate to the current world situation.

Why is history a circle? Colwill published this paper in 2009, in the midst of the last time the world’s economy hit the buffers!

Pressure on businesses puts pressure on the employees

Economic pressures drive staff changes for a variety of reasons. Process changes, in an effort to keep a business profitable, will cause ‘headcount challenges’, so staff have to be made redundant. A drop-off in orders or in demand for the services you offer will also put pressure on your need for people – putting temptation in the path of those you are having to let go. In many cases these staff reductions will cause extra work for the team left, and this extra work for no extra pay is a prime factor in many people leaving one job and moving on to another – again building resentment and so fuelling the temptation to take a spreadsheet of client details out the door (Colwill, 2009; Jones, 2022).

Unfortunately, dealing with the instability and economic downturn caused by the “Westminster Bubble”, “Putin’s War” or the “COVID-19 economic measures catching up with us” is something a business has to react to and staff have to suffer the consequences.

These circumstances are exactly those we want to avoid if we want to create a team spirit that discourages an insider threat risk. When you feel aggrieved by your employer, stealing information is very tempting, especially as it can appear to be a victimless crime. I have heard various excuses, “well I had that information in my head”, “I could have done the research and created these lists”, “I brought the clients in, I will take them out”, none of which will hold up in a court, but we do not want to get to that point.

I have no magic solution, just a few of the obvious things we all should be doing – I have already mentioned these but it is worth repeating them:

What we have to do as business owners is to make sure we log and monitor staff access to our information – for instance, make sure your logging is activated in systems such as Microsoft 365, your accounts package, CRM etc. Where possible, make it very difficult for people to exfiltrate the data: not allowing the use of any cloud storage other than the company-approved one, and banning USB storage devices whilst monitoring for their use, are good first steps.

However, there is one other thing I encourage our clients to do: have a weekly staff meeting. Getting everyone together has always been difficult, but moving the meeting onto Teams or Zoom allows remote or hybrid workers to join, and those in the office can just gather round a screen – that’s what we do, there is no need to buy extra gear. Let the agenda include training, future plans, anyone’s ideas about anything and, always, gossip, and the meetings can be a real contribution to your cyber security. One thing to avoid is operational discussions and scheduling – let those that need that meeting continue afterwards in their own sessions.

Finding 30 minutes in a weekly schedule can be a challenge, but make it easy to join, and not a rant each week, and it can be a positive contribution to reducing the risky behaviour of your team.


Clive Catton MSc (Cyber Security)

References

Colwill, C. (2009). Human factors in information security: The insider threat – Who can you trust these days? Information Security Technical Report, 14(4), 186-196.

Jones, E. (2022). How Microsoft can help reduce insider risk during the great reshuffle. Microsoft Security Blog. Retrieved October 20, 2022, from https://www.microsoft.com/security/blog/2022/02/28/how-microsoft-can-help-reduce-insider-risk-during-the-great-reshuffle/