The faster a data breach can be identified and contained, the lower the costs. The 2017 Ponemon Institute Report on Data Breaches found that the time to identify and contain a breach were highest for malicious and criminal attacks (214 and 77 days, respectively) and much lower for data breaches caused by human error (168 and 54 days, respectively). For a sample of 419 companies, the mean time to identify (MTTI) was 191 days, with a range of 24 to 546 days and the mean time to contain (MTTC) was 66 days with a range of 10 to 164 days and the average cost was approximately $156 per record. The capability to respond quickly, or identify the potential for insider risk is therefore pivotal to successful resolution of breaches.
Systematic differences in individual communicative styles can be attributed to personality traits or stable affective qualities; in other words, what we say, and how we use language can provide critical insight into our state of mind; the words we choose to use, and the way we structure our sentences means something. There is a relationship between language and personality and the advent of social media, text chat, email and messaging has provided psychologists and social scientists with an unlimited repository of data to investigate this relationship scientifically.
If we’re honest, most of us recognise a parapraxis, or “a Freudian Slip” for what it is; an error in our speech that occurs when we are in conversation, and we unwittingly use a seemingly unrelated word instead of “what we meant to say”. We’ve all done it. Sometimes we don’t even notice. Sometimes, it’s embarrassing and inappropriate. We call a line manager “dad”, we say “I love you” or “see you later” to a client or a colleague, we call our lover by our brothers name. There are multiple reasons this can happen, but the fact remains that it says something about us, about our personality, our history, our fears, our habits, or it reveals something about the dynamics of our relationship with the other. Something, somewhere has been triggered and a slip occurs. Noticing that slip, or having no idea it occurred also says something about us, and our capability to reflect, or tendency to self-monitor. Our reaction to that slip takes us deeper. Embarrassment, humour, anger. It all provides insight into our story, what shapes us, our narrative.
Similarly, the words we choose when we write an email to a colleague, how we are trying to present ourselves when we write a text or communicate verbally builds on that story. Some of us are more conscious than others and we can become very good at monitoring our language, drafting communications, redrafting, choosing a different word or toning our language down, but no matter how consciously we try to appear relaxed or organised, use conciliatory words to appease an irate boss, or appear in control, our language can tell a different story. It is not only the words we choose, it is the syntax, and the structure of our sentences that provides the clues to our psychology. The frequency with which we use functions, such as ‘a’, ‘and’ and ‘the’, can indicate our gender, our use of pronouns can indicate depression, retractors such as ‘but’, ‘however’ and ‘unless’ in combination with other indicators, can signify anxiety and uncertainty.
Analysing language provides insight into who we are, and our state of mind. Indeed, research using computational linguistic analysis has evolved and provided insight on areas of deception, threat assessment, personality, predictive analytics, and others. As a result, monitoring language over time can provide a baseline for our personality, and when our state of mind alters, our language changes and these changes can be identified by cutting edge technology.
What has this got to with Insider risk?
The analysis of language to understand human behaviour has been in use for decades and psychologists in government and law enforcement have developed and refined remote assessment to understand the behaviour of political leaders to provide insight into their behaviour for planning and negotiation. We are now bringing this technology to address insider risk in industry.
The key to identifying and managing at-risk employees before an insider event occurs is to use a combination of behavioural insight and psychology alongside the implementation of physical cyber security protocols using software to analyse language continuously in a way that maintains privacy.
Increasingly, the data is readily available to do this as email, chat, and texts have become customary methods of communication in business. Although these communications are subject to analysis and monitoring, until now this has been done retrospectively, and for investigative purposes; poring through historical records of communications to identify ‘what went wrong’ in the event of a breach or incident. It it now possible to monitor these communications in real time to identify at-risk individuals before a security incident occurs.
Employees are unlikely to start out as security risks, but their language changes when their circumstances, relationships, or frame of mind changes. Identifying an insider risk as it develops provides an organisation with an opportunity to intervene before the employee can cause damage. Fraud and sabotage, as well as unintentional accidents and mistakes are almost always the product of human error or behaviour and often result from disaffection or disillusionment, anger, depression, or other forms of cognitive load, such as stress. As mentioned above, these indicators are present in our language and digital communications, in our syntax and sentence structure when we are under stress, even when we make concerted efforts to conceal these feelings.
J2S Insider Risk draws on decades of expertise in intelligence and security, including former political psychologists to apply this research to industry using behavioural research and software to analyse digital communications to detect language that correlates with security risks. This can detect concerning changes in behaviour over the long term but unless a risk is identified, the employee’s communications remain private. Critically, where a point of friction is identified, whether it is organisational stress or personal circumstances that put an employee on the path to insider risk, J2S Insider Risk can provide expertise to mitigate and manage the risk, to bring an employee back to equilibrium, before an insider event occurs.