This interesting article was originally published on the Risk UK site.
‘The Insider Threat’ is a hot topic of concern both for the Security Services and for security and risk professionals working within major public and private sector organisations. Setting up effective counter-measures for staff crime – whether the motivation for such criminality be financial gain, a warped ideology or pure malice – is only possible, writes Simon Chapman, when we understand the demographics of employees with criminal intent (and, indeed, their targets).
The statistics show that insider crime is very much on the increase, and certainly in the retail sector. In fact, its prevalence was highlighted in the annual Retail Crime Survey for last year produced by the British Retail Consortium (BRC). The BRC notes that thefts by employees accounted for 6% of all retail crime, representing an increase of 2% on the previous year. The average cost per incident was totalled at £1,114, which is three times more than that realised as a result of theft by customers.
Given both the loss of trust involved in employee theft and the relatively high value of the crime itself, the BRC has commented that it’s “surprising” fewer than 50% of such insider incidents were reported to the police.
Another study, this time conducted by the Centre for the Protection of National Infrastructure (CPNI), provides us with even more detailed analyses. This study considers the results of some 120 UK-based insider theft cases unearthed in both the public and private sectors.
The research identifies the most frequent types of insider activity as being the unauthorised disclosure of sensitive information (47%) and ‘process corruption’ (42%).
Key demographic findings of the study include the following:
The majority of insider cases in the study were self-initiated (76%) rather than as a result of deliberate infiltration (6%). The individual saw an opportunity to exploit their access levels once they were employed rather than seeking employment with the intention of committing an insider act.
The CPNI research shows that the reasons why people undertake insider activity are complex. It’s relatively common for insiders to have more than one motivation for their criminal activity, with a third of the cases outlined in the study being identified as having more than one motivating factor.
Although financial gain (at 47%) was the single most common primary motivation, ideology (20%), a desire for recognition (14%) and loyalty (14%) were also found to be quite common motivations.
The research also highlights a clear pattern in the relationship between primary motivation and the type of insider incident. Ideology and a ‘desire for recognition’ were closely linked to the unauthorised disclosure of sensitive information, while financial gain was most closely linked to ‘process corruption’ or affording access to assets.
Countering ‘The Insider Threat’
Analysing the crime profile of insiders is key to the ‘holistic’ approach that the CPNI advocates, with an organisation’s security teams, Human Resources personnel and line managers working together in order to identify a potential problem.
Such a strategy is needed because most insider acts are perpetrated by employees who, until only three or four weeks previously, had been perfectly loyal and committed. The change from a trustworthy employee into someone who feels disgruntled and motivated to damage the organisation can be triggered by a negative workplace experience which alters the employee’s attitude towards the organisation.
Thereafter, the employee often displays social ‘cues’ of dissatisfaction which are visible to their colleagues and immediate managers. The employee may also behave differently in terms of the information, systems and either sites or assets they access and retrieve.
A key issue in terms of countering insiders is that most criminal acts occur because agreed security processes are not followed and maintained. Effective measures can be summarised as follows:
Simon Chapman is Managing Director of Lodge Service