Should we be doing more to tackle insider threat?

May 2, 2015

After listening to a panel of industry leading CISO’s discuss insider threat, I wondered if there was more to it, if recruiters could do something to raise awareness around this topic.

Time to hire is a pressing issue in the competitive world of cyber security, but hiring the wrong person into a critical role can be fatal to an organisation.

The Centre for the Protection of National Infrastructure report that ‘the majority of insider cases are self-initiated (76%), rather than as a result of deliberate infiltration (6%); i.e. the individual saw an opportunity to exploit their access once they were employed rather than seeking employment with the intention of committing an insider act’.
This highlights a change in mind-set or personal situation, which is the motivation to perform malicious activity.
How can we recognise the warning signs of such a change?

CPNI state that ‘the majority of insider acts are carried out by permanent staff (88%); only 7% of cases involved contractors, and only 5% involved agency or temporary staff’.
As recruiters we do everything we can with the information available to us, to make sure a candidate is genuine. But, with pressure to fill skill gaps quickly, can we balance the need for speed with accurate security checking?
Can we also better recognise the changes in behaviour of a candidate once they become a ‘trusted’ permanent employee? Should we, the recruiters, be taking on more responsibility?

Some organisations have introduced a yearly employee interview into their appraisal process. It allows management to identify changes in behaviour or personal circumstances before a negative impact is made.
Financial gain was the single most common primary motivation (47%), ideology (20%), a desire for recognition (14%) and loyalty (14%) were also common motivations. This made me think that we, as recruiters, could play a significant role in this annual or twice yearly informal catch up. Would permanent candidates, placed by a trusted recruiter, open up to someone outside of the organisation?
It was found that 60% of insider cases were individuals who had worked for their organisation for less than 5 years, years in which our relationships with the candidates are still strong and fresh.

For an industry based 50% on candidate relationships, I believe there’s a whole lot more we could be doing, and a lot more value we could be adding.

But it’s really what you think that matters….

Tweet us your opinions at @HNTechnology using the hashtag #InsiderThreat

Stephanie Crates
Head of Information Security