Should we be doing more to tackle insider threat?
After listening to a panel of industry leading CISO’s discuss insider threat, I wondered if there was more to it, if recruiters could do something to raise awareness around this topic.
Time to hire is a pressing issue in the competitive world of cyber security, but hiring the wrong person into a critical role can be fatal to an organisation.
The Centre for the Protection of National Infrastructure report that ‘the majority of insider cases are self-initiated (76%), rather than as a result of deliberate infiltration (6%); i.e. the individual saw an opportunity to exploit their access once they were employed rather than seeking employment with the intention of committing an insider act’.
This highlights a change in mind-set or personal situation, which is the motivation to perform malicious activity.
How can we recognise the warning signs of such a change?
CPNI state that ‘the majority of insider acts are carried out by permanent staff (88%); only 7% of cases involved contractors, and only 5% involved agency or temporary staff’.
As recruiters we do everything we can with the information available to us, to make sure a candidate is genuine. But, with pressure to fill skill gaps quickly, can we balance the need for speed with accurate security checking?
Can we also better recognise the changes in behaviour of a candidate once they become a ‘trusted’ permanent employee? Should we, the recruiters, be taking on more responsibility?
Some organisations have introduced a yearly employee interview into their appraisal process. It allows management to identify changes in behaviour or personal circumstances before a negative impact is made.
Financial gain was the single most common primary motivation (47%), ideology (20%), a desire for recognition (14%) and loyalty (14%) were also common motivations. This made me think that we, as recruiters, could play a significant role in this annual or twice yearly informal catch up. Would permanent candidates, placed by a trusted recruiter, open up to someone outside of the organisation?
It was found that 60% of insider cases were individuals who had worked for their organisation for less than 5 years, years in which our relationships with the candidates are still strong and fresh.
For an industry based 50% on candidate relationships, I believe there’s a whole lot more we could be doing, and a lot more value we could be adding.
But it’s really what you think that matters….
Tweet us your opinions at @HNTechnology using the hashtag #InsiderThreat
Head of Information Security
We have the pleasure of welcoming Melissa Minaya as our new colleague! Melissa is known to us from before having worked for our sister company Alumni, but now she has made the move over to a role as Consultant in our Malmö office at Harvey Nash. Melissa has thorough knowledge of executive search and recruitment
Last week we welcomed two new colleagues to our team at Harvey Nash! Matilda Andersson recently graduated with a degree in Human Resource Management from Uppsala University. Matilda will join as Researcher in our team dedicated to recruitment within IT and Tech roles in Stockholm. Alongside her studies, she has already worked parttime as
The protection and safeguarding of our client’s and candidate’s personal data is a fundamental part of our business operations. We are fully committed to ensure compliance in accordance with the provisions of the various data acts, laws and regulations as applies to our company. With updated Data Protection Regulations coming into force in