The Sheep That Turns Into a Wolf - Insider Threats

Solutionary Minds - Your Information Security Blog Source

Posted by Erik Barnett on Mon, Jan 23, 2012 @ 10:27 AM

Friend or not a friend: that is the new question when dealing with insider threats. When you hire an employee, you place a level of trust in him or her, similar to the trust you would put in your own family. Within that trust boundary, you rely on employees to perform their jobs to the best of their ability, much as we instruct our kids to do in life. The similarities end there, however, and new dynamics are introduced, including the psychological unknown of people.

“With great power comes great responsibility,” a quote from Spider-Man’s Uncle Ben, is an understatement when we are talking about the employees we empower. We give them user names, passwords, guides to the infrastructure, and the knowledge to accomplish various tasks. We do all of this with the perceived confidence that the employee will do the right thing, be ethical, and not go outside of what has been instructed.

It’s the psychological unknown of the employee that is the “X Factor” in all businesses. Although we would like to think we hired a good employee, things outside of our control can cause that same good employee to suddenly go bad. The triggers are plentiful given today’s economic situation: money, family, stress, etc. Many things can trigger your employee to start doing malicious things with the power they have acquired.

In 2008, www.cert.org conducted an Insider Threat Study titled “Illicit Cyber Activity in the Information Technology and Telecommunications Sector”. The report looked at 52 specific insider threat incidents that were carried out by 57 insiders between 1996 and 2002. The stats are as follows: 24 of the 52 were purely sabotage; 11 of the 52 were intellectual property theft; 8 of the 52 were fraud; 6 of the 52 were a combination of sabotage and intellectual property theft; the remaining 3 were a combination of fraud and intellectual property theft.

The same report looked at the insiders’ motives: what did these people use to justify their malicious actions? The key findings offer insight into the why and, most importantly, point to some prevention methods.

•    38% of those insiders had prior arrests
•    73% of those insiders explained that a negative work-related event triggered their actions
•    76% of those insiders planned their malicious actions in advance
•    50% of those insiders had authorized access to the systems/network at the time of the incident
•    74% of those insiders took steps to hide themselves and mask their activities
•    80% of those insiders were caught only through manual detection of a system experiencing anomalies or failures

The outcomes of these actions are far more devastating than the dollar amount tied to fixing what can be fixed. While you can fix a server, it is much harder to fix the reputation of the company, the reputation of your department, and your own reputation as a hiring manager. You simply can’t prepare for everything regarding the employees you trust. There are, however, some prevention methods that help minimize the likelihood of your company becoming a victim, and possibly losing millions in the process.

  • Formulate a strong screening process for positions that carry such great powers. Depending on the sensitivity of the position, you may need to implement several screens over the duration of the employee’s time in the position. Don’t be afraid to include liberal background checks for those key employees.

  • Enforce separation of duties and least privilege. No one should have all the keys to the kingdom. One-man IT shops are inexpensive; however, they can cost you your entire company.

  • Log, monitor and audit employees’ online company activities. Ensure you also have someone “watching the watcher”. No one should be an exception to this rule.

  • Monitor and react to suspicious or disruptive behavior, regardless of how insignificant it may be. If you collect enough crumbs, you will create a cookie.

  • The most important step of all is to know your employees. If you honestly know your employees, you increase the chances that you will be able to pick up on any “psychological unknowns” that may suddenly appear. We all show signs one way or another, and react accordingly.

 

 

