The climate for an insider risk incident is fostered by both the psychological and social aspects of individual and organisational behaviour.
Insider threat comes from the confluence of a number of factors, both internal, psychological stressors and external, organisational, personal and social pressures. It is increasingly important for organisations to be able to recognise the factors that may contribute to an insider event and intervene appropriately.
Our work is underpinned by decades of research both within defence and security, academia and industry including the work of one of our own, Dr Gary Buck, responsible for the development of the Insider RIsk Framework used by the Centre for the Protection of National Infrastructure (CPNI); widely used as an industry standard. We also draw on the work of Dr Eric Shaw, Insider Risk Group, a leading expert in Insider Risk. This research outlines the multiple factors associated with insider risk, the culmination of which has lead to the development of the Critical Path Method to evaluate insider risk; the CPIR (Shaw & Sellers, 2015). The CPIR provides a structured and evidence-based approach to better identify if and when an employee is on the road to effecting an insider act.
Insider threat comes from the confluence of a number of factors, both internal, psychological stressors and external, organisational, personal and social pressures. It is increasingly important for organisations to be able to recognise the factors that may contribute to an insider event and intervene appropriately.
Our work is underpinned by decades of research both within defence and security, academia and industry including the work of one of our own, Dr Gary Buck, responsible for the development of the Insider RIsk Framework used by the Centre for the Protection of National Infrastructure (CPNI); widely used as an industry standard. We also draw on the work of Dr Eric Shaw, Insider Risk Group, a leading expert in Insider Risk. This research outlines the multiple factors associated with insider risk, the culmination of which has lead to the development of the Critical Path Method to evaluate insider risk; the CPIR (Shaw & Sellers, 2015). The CPIR provides a structured and evidence-based approach to better identify if and when an employee is on the road to effecting an insider act.
"The key to identifying and addressing at-risk employees before a breach or incident occurs is to focus as much on understanding and anticipating human behavior as on shoring up technological defenses". Eric Shaw, Founder and CEO, Insider Risk Group
the critical path to insider risk
The key psychological factors that contribute to the potential for an individual to be at-risk for insider behaviour are largely related to resilience. Insiders have usually displayed either adverse coping mechanisms or individual pathologies associated with risk. Emotional vulnerability, low self-esteem, unmet needs, a lack of identity, impulsivity and a maladaptive ability to cope with change are among the characteristics often found in insiders.
However, both the situation itself, as well as personality variables determine our perception of an event and it is not the characteristics in and of themselves that cause an insider to act. It is the combination of external stressors alongside these vulnerabilities that will trigger an individual to form an intention to act maliciously against their organisation, or make them vulnerable to coercion by an insider.
External, circumstantial vulnerabilities are also present within organisations who have suffered an insider threat. Workplace stressors, such as organisational change, changes in workload and interpersonal conflict, changes in personal circumstance (marriage, divorce, parenthood, bereavement, financial stress etc.,) are just some of these factors.
In addition, concerning behaviour will often place an employee “on the radar” but efforts to intervene are often obstructed by legal, administrative and psychological constraints and interventions that are inadequate, ineffective or heavy handed can escalate the risk.
It is the combination, therefore that puts an employee on the critical path to insider risk and a range of resources can be deployed to detect risk indicators, including linguistic analysis of digital communications, sensemaking, 360 degree reporting, technical monitoring of activity and human resource data.
To read more about the CPIR, click here or contact us to find out how we incorporate it into our work.
However, both the situation itself, as well as personality variables determine our perception of an event and it is not the characteristics in and of themselves that cause an insider to act. It is the combination of external stressors alongside these vulnerabilities that will trigger an individual to form an intention to act maliciously against their organisation, or make them vulnerable to coercion by an insider.
External, circumstantial vulnerabilities are also present within organisations who have suffered an insider threat. Workplace stressors, such as organisational change, changes in workload and interpersonal conflict, changes in personal circumstance (marriage, divorce, parenthood, bereavement, financial stress etc.,) are just some of these factors.
In addition, concerning behaviour will often place an employee “on the radar” but efforts to intervene are often obstructed by legal, administrative and psychological constraints and interventions that are inadequate, ineffective or heavy handed can escalate the risk.
It is the combination, therefore that puts an employee on the critical path to insider risk and a range of resources can be deployed to detect risk indicators, including linguistic analysis of digital communications, sensemaking, 360 degree reporting, technical monitoring of activity and human resource data.
To read more about the CPIR, click here or contact us to find out how we incorporate it into our work.