Should we be doing more to tackle insider threat?
After listening to a panel of industry leading CISO’s discuss insider threat, I wondered if there was more to it, if recruiters could do something to raise awareness around this topic.
Time to hire is a pressing issue in the competitive world of cyber security, but hiring the wrong person into a critical role can be fatal to an organisation.
The Centre for the Protection of National Infrastructure report that ‘the majority of insider cases are self-initiated (76%), rather than as a result of deliberate infiltration (6%); i.e. the individual saw an opportunity to exploit their access once they were employed rather than seeking employment with the intention of committing an insider act’.
This highlights a change in mind-set or personal situation, which is the motivation to perform malicious activity.
How can we recognise the warning signs of such a change?
CPNI state that ‘the majority of insider acts are carried out by permanent staff (88%); only 7% of cases involved contractors, and only 5% involved agency or temporary staff’.
As recruiters we do everything we can with the information available to us, to make sure a candidate is genuine. But, with pressure to fill skill gaps quickly, can we balance the need for speed with accurate security checking?
Can we also better recognise the changes in behaviour of a candidate once they become a ‘trusted’ permanent employee? Should we, the recruiters, be taking on more responsibility?
Some organisations have introduced a yearly employee interview into their appraisal process. It allows management to identify changes in behaviour or personal circumstances before a negative impact is made.
Financial gain was the single most common primary motivation (47%), ideology (20%), a desire for recognition (14%) and loyalty (14%) were also common motivations. This made me think that we, as recruiters, could play a significant role in this annual or twice yearly informal catch up. Would permanent candidates, placed by a trusted recruiter, open up to someone outside of the organisation?
It was found that 60% of insider cases were individuals who had worked for their organisation for less than 5 years, years in which our relationships with the candidates are still strong and fresh.
For an industry based 50% on candidate relationships, I believe there’s a whole lot more we could be doing, and a lot more value we could be adding.
But it’s really what you think that matters….
Tweet us your opinions at @HNTechnology using the hashtag #InsiderThreat
Head of Information Security
We are stregthening our team in Malmö with the recruitment of Maria Pettersson, starting as Consultant. Maria Pettersson has almost seven years of experience from the recruitment industry and joins us most recently from a role as Consultant Manager, focusing on roles within Financial services. She also brings experience from working with IT…
This week we had a new colleague joining our team in Malmö. Nandie Olsson will be our new Researcher working across a broad range of functions to assist in our assignments within the regions of Skåne and Öresund. "I look forward to getting started working in my profession and being part of the team…
In an increasingly changing business environment with high workload and demands for rapid adaptation, more businesses find the benefit of being able to quickly solve skills shortage by taking on an interim consultant. Who wouldn’t want the opportunity to bring in another pair of eyes to get help and ensure that you spend time doing…