Reducing the Effects of Malicious Insiders Non Technologically
This is a computer driven world. Technology is improving day by day. Today every organization uses computers of some sort of other to function. Computers and internet are the best friends of man. However, if used in an unethical manner it will not be time before they turn into very bad enemies. Any organization can face a data security threat. This threat can emanate either from inside or outside. Different ways are required to deal with these factors. Insider threats are more dangerous than outsider threats. As you read on you will understand why it is so. What constitutes an insider threat?
As the name suggests, insider threat emanates from within the organization. Any person working in the organization can become a threat at any point of time. It depends upon the circumstances. Insiders are supposed to be loyal to the organizations they work. It is true in majority of the cases. However, there are exceptions. Such people develop malicious intentions. This conveys the meaning that these insiders develop some sort of a bad intention against the organization and work towards plotting the downfall of the organization. This is a very dangerous thing to note. There are also chances that there may be non-malicious intentions also. Errors caused due to non-malicious intentions also harm the organization. Such errors can happen due to pressure and stress. Usually such errors occur on Fridays or Mondays. The human being is not a perfect animal. He can make mistakes, but if there is no malicious intention behind the mistakes, it is always pardonable. Malicious insiders are the ones one has to be careful. They have the potential to harm the organization in many ways. Who are these malicious insiders? How do you combat them?
Historically, malicious insiders usually are among the best employees at one point of time. They are the ones with adequate knowledge of the systems and know how to deal with the problematic issues. In fact, they act as troubleshooters at many times. They have authorized access to the internal systems and have the ability to cause damage. It is very difficult to find out what works inside a person’s mind. No computer in this world can detect this secret. Usually, an organization checks the credentials of a person before entrusting him with a particular responsibility. However, there are times even when the person with the strongest integrity quotient also becomes weak. This can result in commitment of certain activities that can go against the interests of the organization. That is the reason why organizations opt for the procedure of checks and balances at each stage of any process. Such checks and balances can filter out people with malicious intent. Research into this activity and its findings: Malicious insider activity is a well-researched subject. The findings are there for everyone to see. Many organizations have conducted extensive research in the subject. The Carnegie Mellon Institute is one such organization that has done pioneering research in this field. Historical data is the basis of these findings. However, the research has clearly established the trends and the following are the findings. There is an age-old adage, which goes as follows. A thief is a thief only if he on being caught. Many cases go undetected. Detected cases form the basis of these findings. Statistically these are the findings.
- One third of the employees will try to steal only if they think that they can get away with it.
- One third will steal even otherwise.
- The remaining one third will never entertain the temptation to steal.
From the above analysis, that in any organization you will be able to find two thirds of the total employees who can be classified as having a clouded integrity. One more fact that has come to notice is that out of the total number of detected malicious acts, insiders account for about two thirds of the cases. Combative methods adopted by organizations: Every organization has its own methods of checking such behavior. Investigations at this initial stage itself detect usually more than three fourths of malicious intent activity. In such cases, the detection of malicious activity takes place prior to any harm done to the organization. Many a time, these measures are inadequate. It is under such circumstances that the loss becomes tangible. How do you detect a malicious intention in an insider?
This is very difficult to detect. Persons with malicious intent behave in the most normal manner possible. However, there are certain mechanisms exhibited by such people that require monitoring at frequent intervals. Usually they behave in the same way in which people with non-malicious intentions behave. Hence, handling of the issue should be on a case-to-case basis. This may cause hounding an innocent person for no rhyme or reason. Such a person can later on harbor malicious intent against the organization. One sign where you can detect malicious intention is the lavish spending styles of certain employees. In case you find out that an employee is spending far beyond his usual means, this is a cause of alarm. It means that you have to be on your guard. Some employees develop a malicious intention when they feel like quitting the organizations. The activities of such employees need strict monitoring. Such persons reduce their communication channels with others as far as work is concerned. Such traits require careful monitoring. It is a fact that people with malicious intention do not take any holidays. Hence, organizations must clamp down on such activities and force employees to go on leave at least for a fortnight during a year. It can keep a check on people who have not availed leave for a long time. What action should the management take against malicious insiders? Now we shall assume the following scenario. Assume you are the CEO of a corporate entity say X. The company has hundreds of employees on its rolls. These include persons in high-ranking senior officials. The working staff also includes lower level officers and salespersons and other subordinate staff. The four quarters of the year have seen the following instances of misdemeanor. Quarter 1: An investigation shows eight instances of password misuse. The investigations showed access of internal data from external systems. On questioning, the concerned staff members feigned ignorance. Password guessing and theft were the reasons given for these occurrences. Maintaining password secrecy under any circumstances was the central idea of their training. The company did not take any action against the erring employees. Question: Would you have done the same? Quarter 2: The investigation team detected four instances of internal data being stored on external storage devices such as a public cloud server. The members clarified that they had done it to have access from home. The work had to be finished on time. The IT department categorically clarified that this was against the rules. The company reprimanded the staff members with a warning that the tolerance level of such instances would be “Zero” in future. They had the option of requesting the IT department to grant them access and the company board would have taken a decision. Question: What is your reaction to this? Quarter 3: Investigations revealed that certain staff members were involved in personal affairs. These incidents surfaced during the course of another unrelated investigation. The management decided that such matters were out of the purview of the investigation teams. However, these affairs were in the knowledge of the HR Department. Without going deep into the matter, the HR Department made it clear that the company will not tolerate such instances. Question: What are your reactions to this case? Quarter 4: This is a case involving a high-level executive. He had quit the organization during the third quarter after his affair with a sales executive. She has quit the organization too. Both of them have formed a new company. This company is a direct competitor to yours. You find that more than 20% of your existing business has shifted to the new company within this short span. Another 20% is on its way out. This is a clear-cut case of malicious insider activity. Question: What would be your plan of action in such a scenario? All the four cases mentioned above give chance for data theft to take place. On further investigations, certain other points may also arise. Certain common threads emerge. If such is the case, these activities require deeper probing. Otherwise, here is how you should deal with the matter. Quarter 1: Maintaining password secrecy is a very important aspect in today’s scenario. There should be no compromise on this aspect. You should advise the members to be more careful in future. You can avoid further misdemeanors by keeping a watch on such employees. Quarter 2: The staff members might have had good intentions to complete the work at home. This shows their dedication towards their jobs. However, a company has framed rules and regulations. You have to follow these rules at any cost. You should advise the staff members to refrain for repeating such acts and encouraged to complete the work within the time schedule. Quarter 3: Personal affairs during office time should be discouraged. They are free to have their affairs outside the work area. As long as the affairs do not take place in the office and office work is not affected, you should respect their privacy. However, the rules of the company are such that the posting of such pairs should be in separate offices once they get married. Quarter 4: This is a clear-cut case of malicious insider activity and you should deal with it in a firm manner. The company can contemplate taking legal action against the persons concerned. There are certain instances where you can judge malicious intent at the very outset itself. Let us cite a couple of examples. Learn to look for the early signs. A company that disputes late payment penalties in a contract is likely to default on payments regularly. Learn to look for the subtle signs: In case you find that certain members try to avoid phone calls and email messages, it is a clear sign that they do not wish to be part of your project. The earlier you remove them, the better it is for the organization. Summary:
Not all intention need be malicious in nature. Only those intentions that can cause intentional harm to the organization should be termed as malicious. You should also know that loss or harm to the organization could be due to circumstantial or malicious intentions. Our aim should be to curb the malicious intentions only. You should nip the malicious intention in the bud itself. Malicious intention is the main cause of all these frauds taking place in the work place today.