Should we be doing more to tackle insider threat?
After listening to a panel of industry leading CISO’s discuss insider threat, I wondered if there was more to it, if recruiters could do something to raise awareness around this topic.
Time to hire is a pressing issue in the competitive world of cyber security, but hiring the wrong person into a critical role can be fatal to an organisation.
The Centre for the Protection of National Infrastructure report that ‘the majority of insider cases are self-initiated (76%), rather than as a result of deliberate infiltration (6%); i.e. the individual saw an opportunity to exploit their access once they were employed rather than seeking employment with the intention of committing an insider act’.
This highlights a change in mind-set or personal situation, which is the motivation to perform malicious activity.
How can we recognise the warning signs of such a change?
CPNI state that ‘the majority of insider acts are carried out by permanent staff (88%); only 7% of cases involved contractors, and only 5% involved agency or temporary staff’.
As recruiters we do everything we can with the information available to us, to make sure a candidate is genuine. But, with pressure to fill skill gaps quickly, can we balance the need for speed with accurate security checking?
Can we also better recognise the changes in behaviour of a candidate once they become a ‘trusted’ permanent employee? Should we, the recruiters, be taking on more responsibility?
Some organisations have introduced a yearly employee interview into their appraisal process. It allows management to identify changes in behaviour or personal circumstances before a negative impact is made.
Financial gain was the single most common primary motivation (47%), ideology (20%), a desire for recognition (14%) and loyalty (14%) were also common motivations. This made me think that we, as recruiters, could play a significant role in this annual or twice yearly informal catch up. Would permanent candidates, placed by a trusted recruiter, open up to someone outside of the organisation?
It was found that 60% of insider cases were individuals who had worked for their organisation for less than 5 years, years in which our relationships with the candidates are still strong and fresh.
For an industry based 50% on candidate relationships, I believe there’s a whole lot more we could be doing, and a lot more value we could be adding.
But it’s really what you think that matters….
Tweet us your opinions at @HNTechnology using the hashtag #InsiderThreat
Head of Information Security
This week we had three new colleagues join our team in Stockholm! Together we continue on our journey to grow our offering in the Nordic market. Basem Bacchus has a background in sales and marketing and 10 years of experience in leading sales roles. In 2017 he decided to change career path and…
There is much talk about the customer experience and how, in order for or us to do a good job, it is important that we establish a good relationship with our customers. A company needing our help with a recruitment must feel confident that we will find the right candidate for them - the…
Operational roles, closely aligned with the business, with large personnel responsibility and often with complex supply chains pervade positions in this sector. Regardless, of whether you work in a small local company or in a large international context. The demands are many and the responsibility is broad, something that our new colleague Pauline Nilsson…