One of Jisc’s activities is to monitor and, where possible, influence regulatory developments that affect us and our customer universities, colleges and schools as operators of large computer networks. Since Janet and its customer networks are classified by Ofcom as private networks, postings here are likely to concentrate on the regulation of those networks. Postings here are, to the best of our knowledge, accurate on the date they are made, but may well become out of date or unreliable at unpredictable times thereafter. Before taking action that may have legal consequences, you should talk to your own lawyers. NEW: To help navigate the many posts on the General Data Protection Regulation, I've classified them as most relevant to developing a GDPR compliance process, GDPR's effect on specific topics, or how the GDPR is being developed. Or you can just use my free GDPR project plan.

Reducing your vulnerability to insider threat

Friday, July 12, 2019 - 16:58

Monica Whitty's keynote at the FIRST Conference (recording available on YouTube) used interviews at organisations that had been victims of insider attacks to try to understand these attackers – and possible defences – from a psychological perspective.

It turns out that thinking about stereotypical "insider threats" probably doesn't help. Notably, disgruntled employees were responsible for a surprisingly small proportion of such incidents. Far more were identified by their colleagues as having a strong company loyalty. In demographic terms, attackers (at least those that were detected) show very similar patterns to typical workforces. Personality traits appear more promising, until you realise that the traits most likely to be involved in insider incidents are also those in demand among successful organisations, particularly in ICT.

One thing that does seem to distinguish insider threats from other workers is motivation. By far the most common is addiction (including to something as innocent as bingo), followed by challenging circumstances in their personal life. And, strikingly, these were often known to the organisation before the incident took place. The trigger for them acting was often a sudden increase in anxiety. So it seems that a significant reduction in insider threat may be possible simply by providing better support for employees who seek help in dealing with personal problems. Organisational culture can also reduce the opportunity for insider threat – if someone is behaving strangely, it should be acceptable to ask if they are OK. Refusing to share passwords, to let someone into an area where they are not authorised, etc. should not be seen as a lack of trust, but as helping them avoid a self-destructive path.

For more details, see the insider threat project's home page.

My attention has been drawn to research by the Software Engineering Institute that highlights the importance of (perceived) organisational support in general, not just when employees are experiencing difficulties.