Senior Staff Immune from Insider Threat Finger-Pointing

Senior Staff Immune from Insider Threat Finger-Pointing

Originally Published on this site

Senior Staff Immune from Insider Threat Finger-Pointing

Senior Staff Immune from Insider Threat Finger-Pointing 1

Research into insider threats has found that employees are so reticent to snitch on bosses they suspect are threat actors that senior staff are virtually immune from being reported.

Researchers at Red Goat Cyber Security questioned 1,145 participants across a range of roles, countries, and industries to gain insight into insider threat reporting practices. Respondents were asked how likely they would be to report colleagues, friends, new staff, senior staff, and contractors as threat actors in five different suspicious scenarios. 

Scenarios included observing withdrawn behavior in the person and becoming aware that the person had criticized the company on social media. 

The data gathered revealed an overall reluctance to report friends and colleagues irrespective of the severity of their actions. And even in the fifth and most potentially damning scenario—clocking that a person was keeping strange hours and bringing unauthorized people into the business—only 14% of respondents said they would report a senior staff member. 

Employees were most likely to report suspicious behavior observed outside their immediate tribe. When it came to scenario five, 96% of respondents would rat on new staff, and 97% would point the finger at a contractor. 

Piers Shearman, partner at Red Goat Cyber Security, said the results indicate “that the people with the most authority and the most access to data will not be reported if they abuse their position.”

With a rise in the number of companies falling victim to insider threats, this new research exposes a problem destined to become more serious. According to research carried out by Verizon, the percentage of companies hit by insider attacks increased from 26% in 2016 to 34% in 2018.

Insider threats are not only hard to spot—who hasn’t appeared withdrawn at work at some point?—but the majority stem from accidents, negligence, and staff unwittingly being taken in by phishing scams. 

Asked how businesses can neutralize insider threats, Shearman said: “Make sure HR are heavily involved in any insider threat program you implement. Provide staff with adequate training on detection of concerning behaviors, why they are concerning, and how to report them. 

“The key point to note when it comes to monitoring behavior is to be able to identify significant and sustained changes in someone. This requires a holistic view and needs to be handled sensitively too.”

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Vox Messenger Logo - 512x512

End-2-End Encrypted. Secure. Ad-Free.
Lightweight and Faster than the Competition.

Vox Messenger is an ad-free, secure and end-2-end encrypted alternative to other popular chat messenger apps.

Available for Free. Whitelabel Corporate Edition Available on Request.

All Rights Reserved - © Copyright 2020 - Vox Messenger (a Division of Kryotech Ltd.)