Does my company need to be more proactive about insiders during hard times?

Simply put - yes. Given stressful situations, people are more likely to partake in risky activity, malicious, criminal or otherwise. While there is no technological panacea, technology can help in detecting the early warning signs of nefarious activities on the network. But instead of just discussing the technology, let's take a closer look at things from a human perspective to understand the non-technical drivers, and why given today's "hard times" it is of even greater importance to be even more proactive with regard to monitoring nefarious insider activity.

I'm not a criminal psychologist, but several have conducted research in this area. Mike Gelles, formerly of the Naval Criminal Investigative Service (NCIS), wrote an excellent paper called Exploring the Mind of the Spy. In it, he examines the personalities of insiders, looking beyond the traditional areas of opportunity, motive, and ability that are generally associated with criminal activity.

Dr. Gelles cites three criteria that can lead to the transformation from loyal employee to malicious insider:

* A personality or character weakness
* A crisis - personal, financial or career
* The absence of assistance during a crisis.

While we won't examine these items in depth, it is clear that we are in the midst of a national financial crisis that has led to personal crises for many individuals affected by the situation - many of whom now have no place to turn for assistance. These individuals may be facing a layoff, a significant drop in the value of their retirement investment portfolio, a foreclosure or significant credit-card debt, all of which can result in increased stress. This stress in turn may also put extra strain on personal relationships. This spiraling situation may put some people in a desperate position, which may lead them to act in nefarious ways.

Given these tough times and their potential consequences, early detection and response are important to protecting valuable corporate assets that may be the target of illegal activity. Technology solutions are available that focus on the needed detection and response. One is security information and event management (SIEM), which is designed to among other things monitor the activity of an organization's IT environment and detect early warning signs of nefarious insider activity.