Are all Insider Threats bad apples?

The “bad apples” argument for insider threats is simply too reductionist. Here is why:

 When an intentional insider threat manifests it is a product of a hugely complex and escalating set of circumstances. The argument that they are “just bad people who go around stealing and sabotaging” is at best naïve and at worst actually putting your organisation at greater risk.

 Imagine for a moment that your life has taken a turn for the worse. Your partner has left you in a messy divorce and you now have expensive custody issues to deal with. On top of that money is tight. You are struggling to pay the bills and have little left over at the end of the month. To make matters worse your mother has just been diagnosed with a serious illness and you have to help your siblings find the money to expedite her care. You’re not even sure if you can really afford to drive the car to work. Speaking of work, your new manager is making life hard for you. She is putting up barriers that were never there before and that promotion you now SO desperately need has been ripped from your grasp and handed to Deborah instead. Deborah!?! I mean she has barely been here 5 minutes for goodness sake.

 You are at breaking point. You’re isolated. You are desperate.

 A foreign competitor reaches out and offers you a job. A nice sizeable “golden hello” attached to it too. “It would be great if you could bring a copy of the projects you’ve been working on” hint hint nudge nudge. I am only taking a copy. The company still has the data. Right!?!

 This money would solve many of these issues. At the very least it will give you some breathing space.

 You see in this example the person isn’t “evil” or “bad” they are desperate. They get pushed towards a tipping point desperately treading water. It just so happens that the life vest that was thrown to them first was somewhat dark and nefarious and well, criminal.

 This is why employee assistance programs have been shown to be so effective as part of insider threat programs. That much needed life vest can easily come from you as the employer helping the person struggling, leaving them less vulnerable and your company more secure.

 Effective insider threat programs aren’t just about “chasing the bad guy” they are about preventing desperation, dissatisfaction and disgruntlement. Sure, we need to monitor and address issues but we all understand prevention is always better than cure.

 

Related Posts

Insider Theft of $119M worth of Coca Cola IP

Insider Theft of $119M worth of Coca Cola IP

What happened? An engineer who worked for Coca Cola and other manufacturers is alleged to have stolen valuable trade secrets in order to set up her own company in China using the stolen technology. Xiarong You has been accused of insider theft and economic espionage...

Tesla Insider Threat Case (Khatilov)

Tesla Insider Threat Case (Khatilov)

Tesla Insider Threat Case Study   According to the official Filing, Tesla is suing a former employee and software engineer named Alex Khatilov alleging trade secret theft and breach of contract. What actually happened? Khatilov was hired by Tesla in to work on...

Insider Threat $800K Rogue Admin

Insider Threat $800K Rogue Admin

Rogue Admin: Disgruntled former IT admin Charles E. Taylor quit his job at an unnamed Atlanta based distribution company before going on a sabotage spree costing the company $800,000 USD to redress.