The enemy is (largely) within, when it comes to the security of information and information systems. Knowing how and why insider threats materialise is a big step towards dealing with them.
This is one area where psychology is more useful than technology, even if smart security technology can help detect problems that may initially escape notice otherwise.
Like the profiling exercises of organisations like the FBI, you can be on the lookout for situations like the following:
- Disgruntled employees, unhappy with their job, their career, their employer or a combination of these, and who may be tempted to steal or sabotage assets as revenge.
- Industrial spies, not only those deliberately planted by competitors, but also employees who want or need extra cash, and who respond to offers from rivals to procure confidential information.
- Careless workers, who create security vulnerabilities and holes by failing to pay attention to basic rules of information security and correct handling of confidential data, possibly handing over their company account credentials to a plausible, but nefarious enquirer.
- Leavers, whose positions have been terminated or who have sought employment elsewhere, and who leave with “useful” data for their next jobs, such as customer account listings and details.
- Data thieves, illegally selling information held by the company, especially personally identifiable information (PII) to the highest bidders, who then use it for phishing, spear phishing, whaling, identity theft, or other undesirable activities.
Clearly, somebody who is disgruntled or careless, for example, is not necessarily an information security threat. It all depends on the information that person can access.
Other categories like industrial spies and data thieves are immediately security threats, with the challenge of catching them in the act.
At this point, technology such as systems using behavioural analytics may be the best way to detect attempts to copy data or access unauthorised accounts.
But common sense and observation can help reduce such incidents in the first place. One solution and approach to this problem can be found here.