Identifying High-Risk Employees to Prevent Insider Cyber Attacks

A significant percentage of cyber attacks perpetrated against organizations come from within. Compared to hackers who may gain entry to a company’s internal network and resources from the outside, these insiders are in a position to do more harm because, being employees, they already have access to internal systems, data, and sensitive information. They are familiar with the inner workings of their companies. Their insider knowledge allows them to inflict significant damage in a short amount of time. Recognizing behaviors often observed in those who attack from within can be one way to identify current employees who pose a risk before they carry out an attack. Additionally, there are some training, communications, and hiring strategies organizations can implement to reduce the overall likelihood of future attacks.

Common Traits

Inside attackers are often employees who have a record of routinely violating company policies, failing to get along well with coworkers, and expressing their displeasure with how they are treated on the job. They may tell others in the workplace that they have not been treated fairly or that their expectations regarding promotions or salary have not been met. They may refuse to comply with training requirements. Potential inside attackers may even post threats against their companies on their personal social media accounts.

Why Technical Security Controls are Not Enough

In many cases, insider cyber attacks are not detected until information security personnel are alerted by monitoring systems that unusual activity has occurred. By the time this happens, significant damage may have already been done. Technical security controls can only do so much to prevent these attacks, especially when the perpetrator has login credentials and access to restricted areas. This is why proactive strategies and policies are needed to identify those employees who pose a risk.

The Role of Human Resources

Human Resources is the one department where all personnel information is centralized. Information regarding employees’ disciplinary problems, complaints, denials of applications for promotions, and other records could be routinely reviewed and evaluated by HR professionals to identify employees who may pose a security risk. HR personnel could then follow up with those employees’ supervisors to determine whether additional action is warranted.

Limiting Access and Permissions of High-Risk Employees

Information security personnel could be called upon to evaluate the access and permission levels assigned to employees identified as high-risk in order to ensure they do not have access to systems or data that is not required to perform their duties. Role-based access control is an information security best practice. By restricting an employee’s access to only those resources required for that employee’s job, the potential to do harm is minimized.

Workforce Training and Reporting Policy

Educating the workforce by providing insider threat and information security training will let other employees know what warning signs to look for in the behavioral patterns of their coworkers. A clear policy for confidential reporting of problematic behavior to supervisors and HR will allow employees to voice their concerns without fear of retaliation.

Screening Potential New Hires

In order to minimize the threat of insider attack when hiring new employees, hiring managers and HR personnel should certainly be wary of warning signs during interviews. A potential employee’s negative comments about a previous employer or statements regarding problems getting along with past coworkers would be reason for concern. A review of the potential employee’s social media accounts may reveal issues as well. Verifying the accuracy of the information in a potential employee’s resume and contacting references are also important, as is conducting criminal background checks and contacting previous employers for information that would indicate a potential for problems.

Inside attackers often exhibit certain traits and behavioral patterns that may allow employers to identify them and take action to prevent attacks or at least mitigate their impacts. Knowing what to look for, involving Human Resources, department heads, and managers, and developing a culture of awareness in the workforce will increase the likelihood that attacks will be averted. Ensuring that new applicants are sufficiently screened will lessen the possibility of hiring employees who may later pose a threat.