iac-education
iac-education

News

Back to News

Staff Crime and Combating 'The Insider Threat'

By Brian Sims | 11th May 2016

Staff Crime and Combating 'The Insider Threat'

This interesting article was originally published on the Risk UK site.

‘The Insider Threat’ is a hot topic of concern both for the Security Services and for security and risk professionals working within major public and private sector organisations. Setting up effective counter-measures for staff crime – whether the motivation for such criminality be financial gain, a warped ideology or pure malice – is only possible, writes Simon Chapman, when we understand the demographics of employees with criminal intent (and, indeed, their targets).

The statistics show that insider crime is very much on the increase, and certainly in the retail sector. In fact, its prevalence was highlighted in the annual Retail Crime Survey for last year produced by the British Retail Consortium (BRC). The BRC notes that thefts by employees accounted for 6% of all retail crime, representing an increase of 2% on the previous year. The average cost per incident was totalled at £1,114, which is three times more than that realised as a result of theft by customers.

Given both the loss of trust involved in employee theft and the relatively high value of the crime itself, the BRC has commented that it’s “surprising” fewer than 50% of such insider incidents were reported to the police.

Threat analysis

Another study, this time conducted by the Centre for the Protection of National Infrastructure (CPNI), provides us with even more detailed analyses. This study considers the results of some 120 UK-based insider theft cases unearthed in both the public and private sectors.

The research identifies the most frequent types of insider activity as being the unauthorised disclosure of sensitive information (47%) and ‘process corruption’ (42%).

Key demographic findings of the study include the following:

  • Significantly more males (82%) engaged in insider activity than females (18%)
  • 49% of insider cases occurred within the 31-45 years of age range. Instances of insider cases increased with age until they peaked within this category and then decreased beyond the 45 years of age level
  • The majority of insider acts were carried out by permanent members of staff (88%). Only 7% of cases involved contractors and 5% either agency or temporary members of staff
  • The duration of the insider activity ranged from less than six months (41%) to more than five years (11%). More than half of the cases were identified within the first year
  • 60% of cases involved individuals who had worked for their organisation for less than five years

The majority of insider cases in the study were self-initiated (76%) rather than as a result of deliberate infiltration (6%). The individual saw an opportunity to exploit their access levels once they were employed rather than seeking employment with the intention of committing an insider act.

The CPNI research shows that the reasons why people undertake insider activity are complex. It’s relatively common for insiders to have more than one motivation for their criminal activity, with a third of the cases outlined in the study being identified as having more than one motivating factor.

Although financial gain (at 47%) was the single most common primary motivation, ideology (20%), a desire for recognition (14%) and loyalty (14%) were also found to be quite common motivations.

The research also highlights a clear pattern in the relationship between primary motivation and the type of insider incident. Ideology and a ‘desire for recognition’ were closely linked to the unauthorised disclosure of sensitive information, while financial gain was most closely linked to ‘process corruption’ or affording access to assets.

Countering ‘The Insider Threat’

Analysing the crime profile of insiders is key to the ‘holistic’ approach that the CPNI advocates, with an organisation’s security teams, Human Resources personnel and line managers working together in order to identify a potential problem.

Such a strategy is needed because most insider acts are perpetrated by employees who, until only three or four weeks previously, had been perfectly loyal and committed. The change from a trustworthy employee into someone who feels disgruntled and motivated to damage the organisation can be triggered by a negative workplace experience which alters the employee’s attitude towards the organisation.

Thereafter, the employee often displays social ‘cues’ of dissatisfaction which are visible to their colleagues and immediate managers. The employee may also behave differently in terms of the information, systems and either sites or assets they access and retrieve.

A key issue in terms of countering insiders is that most criminal acts occur because agreed security processes are not followed and maintained. Effective measures can be summarised as follows:

  • Make sure there’s a strong and ongoing personnel security regime in place. This includes completing personnel security risk assessments using an independent service provider and having robust pre-employment screening checks underpinned by schemes such as the Employer’s Mutual Protection Service (EMPS)
  • Carry out regular security audits and risk assessments. These should include testing all points of vulnerability within the site perimeter. For larger premises, it’s always the case that covert checks are useful. Make use of ‘undercover’ security personnel to test internal processes and examine behaviours
  • Ensure suitable security clearances and access privileges so that you can restrict entry to sensitive and vulnerable areas on site. Only relevant staff should be allowed to enter a specific IT room, for example
  • The ‘triangulation’ of security provision provides more secure protection, combining for example access control systems with CCTV and dedicated security guarding. Manage your central monitoring remotely and off-site to protect both systems and personnel integrity
  • Secure your supply chain. Retailers and manufacturers may be vulnerable when it comes to the transportation, delivery and storage of goods. Effective management and monitoring is available by employing GPS for those vehicles in transit, with remote access monitoring and control for deliveries conducted out of hours.

Simon Chapman is Managing Director of Lodge Service