13 Behavioural Signs of an Insider Threat
The following are signs of a potential insider threat actor. Of course, not everyone who is printing more documents than usual is an insider threat!
6 Digital indicators of Intentional Insider Threat
As well as behavioural indicators, there are also digital indicators that an insider attack is taking place.
1. Use of personal cloud storage and unauthorised storage devices
2. Downloading and storing more company data than is required by their role
3. Requesting access to sensitive data not required for the role or project
4. Sharing company data with people outside the organisation or on social media
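The four digital indicators listed above can be checked against activity logs. The following is an added example, not part of the original article or Red Goat's research, and a hit is a lead for review rather than proof of intent. The event schema, role baselines, domain names and device IDs are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events: (user, role, action, target, bytes). Schema is an assumption.
EVENTS = [
    ("alice", "finance", "upload", "dropbox.com", 4_000_000),
    ("alice", "finance", "download", "finance/ledger.xlsx", 2_000_000),
    ("bob", "support", "download", "support/tickets.csv", 900_000_000),
    ("bob", "support", "usb_mount", "usb:UNREGISTERED-01", 0),
    ("carol", "support", "access_request", "finance/payroll", 0),
    ("dave", "engineering", "share", "someone@example.net", 10_000),
    ("erin", "engineering", "share", "colleague@corp.example", 10_000),
    ("erin", "engineering", "download", "engineering/spec.pdf", 5_000_000),
]

# Hypothetical policy data an organisation would maintain itself.
PERSONAL_CLOUD = {"dropbox.com", "drive.google.com"}
APPROVED_USB = {"usb:CORP-0001"}
CORP_DOMAIN = "corp.example"
ROLE_SCOPE = {"finance": "finance/", "support": "support/", "engineering": "engineering/"}
ROLE_DOWNLOAD_LIMIT = {"finance": 50_000_000, "support": 100_000_000,
                       "engineering": 200_000_000}

def flag_indicators(events):
    """Return {user: [indicator numbers]} using the numbering of the list above."""
    hits = defaultdict(set)
    downloaded = defaultdict(int)  # cumulative bytes per user in the review window
    for user, role, action, target, size in events:
        if action == "upload" and target in PERSONAL_CLOUD:
            hits[user].add(1)   # personal cloud storage
        elif action == "usb_mount" and target not in APPROVED_USB:
            hits[user].add(1)   # unauthorised storage device
        elif action == "download":
            downloaded[user] += size
            if downloaded[user] > ROLE_DOWNLOAD_LIMIT[role]:
                hits[user].add(2)   # more data than the role requires
        elif action == "access_request" and not target.startswith(ROLE_SCOPE[role]):
            hits[user].add(3)   # sensitive data outside the role's scope
        elif action == "share" and not target.endswith("@" + CORP_DOMAIN):
            hits[user].add(4)   # shared outside the organisation
    return {user: sorted(found) for user, found in hits.items()}

if __name__ == "__main__":
    for user, found in sorted(flag_indicators(EVENTS).items()):
        print(f"{user}: review indicators {found}")
```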
Problems with Insider Threat Reporting
Red Goat conducted a study into insider threat reporting to discover what factors render people more or less liable to report suspicious activity. Through a sample of 1145 participants across a range of job roles, countries and industries, we have gained a valuable insight into the barriers preventing reporting.
- There is a chronic under-reporting of suspicious behaviour for the majority of situations tested.
- Senior staff members are immune from being reported, irrespective of the severity of their actions.
- Contractors and new staff members are the most likely to be reported for suspicious behaviour.
- Employees favoured reporting to HR over Security teams and lack of training was found to be a major barrier to reporting. The qualitative data furnishes us with some colourful case studies to consider.
Why is reporting so hard?
While it is clear that employees are unwilling to report unauthorised access, anecdotal reports collected from interviewees as part of the research show that it is not uncommon for employees to turn a blind eye to far more serious insider threats and only come forward after the event. This kind of “after the event” whistleblowing is often too little, too late.
Participants reported “lack of knowledge and training” as well as an overall lack of “confidence in confidentiality” as barriers to reporting. As one respondent stated, “I would rather come forward as a witness after the attack than risk my life and career being ruined by reporting it earlier.”