Insider threats: The most complex and messy
Ask yourself...
Why do people join organizations with high hopes and passion; , and then end up disengaging, or even worse, committing workplace sabotage?
Why is it that insiders don't fully engage in organizational security? Why do they seem distracted at the expense of vigilance for social engineering (i.e. phishing and trojan horse traps); or at the security gate, such as service counters for outliner behaviors indicative of deception?
Why when boarding an aircraft do we notice that onboarding airline agents and security are simply going through the motions while handling a photo ID; without communicating through there behavior that they are being vigilant?
Why should we not be surprised that insiders cheat a little bit? Why do even the most honest and conscientious employees sometimes go completely off the rails into the dark world of occupational fraud, embezzlement and corruption?
Why is it people respond to aggression, with aggression? Why does someone that human resources and managers would have never imagined in their wildest dreams, commit workplace sabotage or become an active insider shooter?
Why is it that employees are completely unaware when their judgment is biased?
Insider Threats
Evolutionary biologists, neuroscientists, endocrinologists and geneticists among other research disciplines are beginning to answer these questions,. For the most part they agree that the most significant influencer on insider behavior is workplace environment.
the ATRiM Group conducts insider environmental threat risk assessments as an essential compliment to Anti-terror and other Crime Threat controls ('outside-the-systems'). When insider ('inside-the systems') engagement, attention (focus) and emotional resiliency are low, the likelihood of successful attack from the outside increases. It is not a quantum leap to make the connection between workplace environment and occupational fraud, theft and corruption. The likelihood of insider collusion with an outsider increases. Unhealthy workplace environments predictably increase exposure to cybersecurity threats and more insidiously; workplace sabotage and workplace violence.
An evolutionary biology nugget: Evolution is a tinkerer, not a builder
Post-incident analysis about observed human behavior is always about context. Insider behavior is highly complicated and at times based in some pretty weird biological wiring. Thus, there is always a degree of uncertainty and unpredictability to insider threat identification and mitigation.
Why do people join organizations with high hopes and passion; , and then end up disengaging, or even worse, committing workplace sabotage?
Why is it that insiders don't fully engage in organizational security? Why do they seem distracted at the expense of vigilance for social engineering (i.e. phishing and trojan horse traps); or at the security gate, such as service counters for outliner behaviors indicative of deception?
Why when boarding an aircraft do we notice that onboarding airline agents and security are simply going through the motions while handling a photo ID; without communicating through there behavior that they are being vigilant?
Why should we not be surprised that insiders cheat a little bit? Why do even the most honest and conscientious employees sometimes go completely off the rails into the dark world of occupational fraud, embezzlement and corruption?
Why is it people respond to aggression, with aggression? Why does someone that human resources and managers would have never imagined in their wildest dreams, commit workplace sabotage or become an active insider shooter?
Why is it that employees are completely unaware when their judgment is biased?
Insider Threats
Evolutionary biologists, neuroscientists, endocrinologists and geneticists among other research disciplines are beginning to answer these questions,. For the most part they agree that the most significant influencer on insider behavior is workplace environment.
the ATRiM Group conducts insider environmental threat risk assessments as an essential compliment to Anti-terror and other Crime Threat controls ('outside-the-systems'). When insider ('inside-the systems') engagement, attention (focus) and emotional resiliency are low, the likelihood of successful attack from the outside increases. It is not a quantum leap to make the connection between workplace environment and occupational fraud, theft and corruption. The likelihood of insider collusion with an outsider increases. Unhealthy workplace environments predictably increase exposure to cybersecurity threats and more insidiously; workplace sabotage and workplace violence.
An evolutionary biology nugget: Evolution is a tinkerer, not a builder
Post-incident analysis about observed human behavior is always about context. Insider behavior is highly complicated and at times based in some pretty weird biological wiring. Thus, there is always a degree of uncertainty and unpredictability to insider threat identification and mitigation.
Environmental Controls
Executives and senior managers implicitly communicate messages to employees through their body language, pitch and tone of voice, their words and deeds. Establishing effective insider controls begins with setting the tone from the top; combined with situationally constant reinforcement of the organization's values. Employees' perception of the organization they work for is heavily influenced by how they are treated by their supervisors and line managers. We assess workplace environment in several categories for policies, guidelines and practices that erode resilience (emotions) and which potentially trigger negative employee behaviors. From a security perspective it is important to eliminate environmental conditions which provide rationalizations or excuses when insiders are tempted to do bad things.
Insider Cybersecurity Risk Mitigation
Security is always a challenge inside complex systems. the ATRiM Group consults like-minded subject matter specialists, including Canada's Cyber Security Canada and Australia's Naked Insider. Both these companies go the extra mile to get to the roots of insider cybersecurity threats. Specialized areas of competency for these companies include:
i) procedures, policies and technologies to address insider threats;
ii) creating cooperation synergies for detecting, preventing and responding to insider threats;
ii) education on insider threats;
v) assistance to those dealing with and managing insider threats; and iv) steps and techniques for engaging insiders in threat prevention, detection and response.
i) procedures, policies and technologies to address insider threats;
ii) creating cooperation synergies for detecting, preventing and responding to insider threats;
ii) education on insider threats;
v) assistance to those dealing with and managing insider threats; and iv) steps and techniques for engaging insiders in threat prevention, detection and response.
Workplace Sabotage and Workplace Violence
|
Both complex and massy, the human brain has been coined as as a "predictive machine" by neurologist Lisa Feldman Barrett.
Its roots are in the biological functions of the body and physical survival. The brain in all living organisms evolved from a small nervous system in ancient multi-cell species; to brains of reptiles and the arrival of an emotional center in all mammals and finally the complexity at the top end of the scale found in the interconnected, multi-layered human brain that includes things like language, math and problem solving. Evolution is tinker, not a builder. So, no surprise here that the human brain comes with some pretty nutty, head scratching, wiring that cannot be explained linearly. Workplace sabotage and workplace violence are an aggression response to feelings of betrayal or injustice. The planning of revenge is believed to innate; given that endocrine system is releasing oxytocin that stimulates the pleasure center of the brain in the same area some drugs do. Carrying through with sabotage and violence is affected by other factors including, but not limited to, emotional resiliency. When analyzing the triggers of workplace sabotage and workplace violence: environmental biologists, neurologists, molecular geneticists and endocrinologists will qualify their analysis with a caveat: "It depends on context". And thus, by extension includes a whole bunch of factors, not the least of which includes workplace environment. So, does it not make good business sense to get a better handle on negative workplace environment triggers inducing workplace sabotage and workplace violence; in order to get more security bang for your buck? |
Click on the Image
|