Behavioral psychologists could do better than IT professionals in stopping insider threats, said two IT security experts at a conference in JP Morgan’s London offices.
“This isn't just a technical issue. A huge amount of our problems relate to human issues,” said one of the researchers according to SC Magazine. The two cited a range of 120 independent cases from 2013 to back their claims. These studies found that 88% of the insiders were permanent employees and nearly half were in management. Money was the primary motivator for 47% of the data leakers followed by another 20% doing it for ‘ideological’ reasons.
The experts pointed out that historically, most inside data leakers were narcissists – for example Edward Snowden and Aldrich Ames. However, their findings focused on malicious insider leaks -- not the accidental data leaks caused by well-meaning employees.
Before running out and adding a psychologist to the company payroll, it is worth thinking about the well-known connection between technology and psychology in data security.
Research by the CERT, the Software Training Institute of the American Carnegie Mellon University, has shown that an insider data breach is often preceded by behavioral signals and unusual use of IT resources. Departing personnel have a well-earned reputation for taking customer lists and other data with them to their new position.
While rooting out any narcissists might be a good idea, there are other, more workable ways to increase the level of data security in your organization.
- Monitor employee activity for any anomalies in data use at the endpoint computer. These can be uncovered by drops in productivity or by changed behavior such as a sudden increase in file uploads.
- Regularly review employee access rights to sensitive data. Studies show that organizations tend to hand out access rights, but not take them away when employees change positions.
And yes, you can do both of these security steps with Safetica.