Should we be doing more to tackle insider threat?
After listening to a panel of industry-leading CISOs discuss insider threat, I wondered if there was more to it, and if recruiters could do something to raise awareness around this topic.
Time to hire is a pressing issue in the competitive world of cyber security, but hiring the wrong person into a critical role can be fatal to an organisation.
The Centre for the Protection of National Infrastructure report that ‘the majority of insider cases are self-initiated (76%), rather than as a result of deliberate infiltration (6%); i.e. the individual saw an opportunity to exploit their access once they were employed rather than seeking employment with the intention of committing an insider act’.
This points to a change in mindset or personal situation as the motivation to perform malicious activity.
How can we recognise the warning signs of such a change?
CPNI state that ‘the majority of insider acts are carried out by permanent staff (88%); only 7% of cases involved contractors, and only 5% involved agency or temporary staff’.
As recruiters, we do everything we can with the information available to us to make sure a candidate is genuine. But with pressure to fill skill gaps quickly, can we balance the need for speed with accurate security checking?
Can we also better recognise the changes in behaviour of a candidate once they become a ‘trusted’ permanent employee? Should we, the recruiters, be taking on more responsibility?
Some organisations have introduced a yearly employee interview into their appraisal process. It allows management to identify changes in behaviour or personal circumstances before they have a negative impact.
Financial gain was the single most common primary motivation (47%); ideology (20%), a desire for recognition (14%) and loyalty (14%) were also common motivations. This made me think that we, as recruiters, could play a significant role in this annual or twice-yearly informal catch-up. Would permanent candidates, placed by a trusted recruiter, open up to someone outside of the organisation?
It was found that 60% of insider cases were individuals who had worked for their organisation for less than 5 years, years in which our relationships with the candidates are still strong and fresh.
For an industry based 50% on candidate relationships, I believe there’s a whole lot more we could be doing, and a lot more value we could be adding.
But it’s really what you think that matters…
Tweet us your opinions at @HNTechnology using the hashtag #InsiderThreat
Head of Information Security