Hard times mean more problems with insider security issues

Does my company need to be more proactive about insiders during hard times?

Simply put - yes. Given stressful situations, people are more likely to partake in risky activity, malicious, criminal or otherwise. While there is no technological panacea, technology can help in detecting the early warning signs of nefarious activities on the network. But instead of just discussing the technology, let's take a closer look at things from a human perspective to understand the non-technical drivers, and why given today's "hard times" it is of even greater importance to be even more proactive with regard to monitoring nefarious insider activity.

I'm not a criminal psychologist, but several have conducted research in this area. Mike Gelles, formerly of the Naval Criminal Investigative Service (NCIS), wrote an excellent paper called Exploring the Mind of the Spy. In it, he examines the personalities of insiders, looking beyond the traditional areas of opportunity, motive, and ability that are generally associated with criminal activity.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Does my company need to be more proactive about insiders during hard times?

Simply put - yes. Given stressful situations, people are more likely to partake in risky activity, malicious, criminal or otherwise. While there is no technological panacea, technology can help in detecting the early warning signs of nefarious activities on the network. But instead of just discussing the technology, let's take a closer look at things from a human perspective to understand the non-technical drivers, and why given today's "hard times" it is of even greater importance to be even more proactive with regard to monitoring nefarious insider activity.

I'm not a criminal psychologist, but several have conducted research in this area. Mike Gelles, formerly of the Naval Criminal Investigative Service (NCIS), wrote an excellent paper called Exploring the Mind of the Spy. In it, he examines the personalities of insiders, looking beyond the traditional areas of opportunity, motive, and ability that are generally associated with criminal activity.

Dr. Gelles cites three criteria that can lead to the transformation from loyal employee to malicious insider:

* A personality or character weakness
* A crisis - personal, financial or career
* The absence of assistance during a crisis.

While we won't examine these items in depth, it is clear that we are in the midst of a national financial crisis that has led to personal crises for many individuals affected by the situation - many of whom now have no place to turn for assistance. These individuals may be facing a layoff, a significant drop in the value of their retirement investment portfolio, a foreclosure or significant credit-card debt, all of which can result in increased stress. This stress in turn may also put extra strain on personal relationships. This spiraling situation may put some people in a desperate position, which may lead them to act in nefarious ways.

Given these tough times and their potential consequences, early detection and response are important to protecting valuable corporate assets that may be the target of illegal activity. Technology solutions are available that focus on the needed detection and response. One is security information and event management (SIEM), which is designed to among other things monitor the activity of an organization's IT environment and detect early warning signs of nefarious insider activity.

SIEM looks across multiple things:

* IT infrastructure - firewalls, intrusion prevention, network gear, VPNs and physical security controls like badge readers, video analytics and RFID;

* Applications - custom, commercial, Web and non-Web-based applications;

* Identity management - LDAP, Active Directory and IDM solutions developed by companies like SUN and Oracle;

* Sensitive data - databases and file servers

Such a wide and deep perspective of the organization's environment can help address many key questions:

* Who did it?
* Should they be doing it?
* How was it done?
* What was impacted?
* Who else might be involved?
* How long has this activity been occurring?
* What else are these individuals doing?