cyber threat

Information security professionals are often concerned about attacks coming from outside the organization – such as remote hackers. However, more than half of attacks [1] come from inside the organization. Information security professionals, along with non-IT staff, need to be trained to recognize the traits and behaviors of organization insiders who pose a serious cyber threat.

The individuals who steal privileged information have common traits and behaviors. Unless specifically trained, many managers may not recognize a malicious insider at work in the organization. The following is a list of some of the traits and behaviors frequently found among insider threats.

Behavioral Characteristics [2]
  • Introversion
  • Greed/financial need
  • Vulnerability to blackmail
  • Compulsive and destructive behavior
  • Rebelliousness, passive aggressiveness
  • Ethical “flexibility”
  • Reduced loyalty/entitlement – narcissism (ego/self-image)
  • Minimizes their mistakes or faults
  • Inability to assume responsibility for their actions
  • Intolerance of criticism
  • Self-perceived value exceeds performance
  • Lack of empathy
  • Predisposition towards law enforcement
  • Pattern of frustration and disappointment
  • History of managing crises ineffectively

Behavioral Indicators [2]
  • Remotely accesses the network while on vacation, sick or other odd times
  • Works odd hours without authorization
  • Notable enthusiasm for overtime, weekend or unusual work schedules
  • Unnecessarily copies material, especially if it is proprietary or classified
  • Interest in matters outside of the scope of their duties
  • Signs of vulnerability, such as drug or alcohol abuse, financial difficulties, gambling, illegal activities, poor mental health or hostile behavior, should trigger concern

What can you do? [3]

Policies – Ensure that your organization has an acceptable use policy, and has instituted procedures to report suspected insiders.

Training – All levels of the organization should receive insider threat training and have the necessary tools to communicate this threat to all employees.

Safeguard Data – Sensitive data should be safeguarded according to the principle of least privilege. Access should be granted only to the few individuals who require it.

Stay Vigilant – Be particularly vigilant when employment is terminated. Immediately remove access to all systems. Have the departing employee sign a confidentiality agreement and ensure that they understand their legal obligations under that agreement.

For further information, read Insider Threat: Addressing the Threat Within

Sources:
[1] InfoSec, May 2013
[2], [3] www.us-cert.gov

Implement a Threat Hunting Program or Managed Detection and Response (MDR) Program to continually be on the lookout for potential attacks. We can help strengthen your threat management program.