A 2006 study from Carnegie Mellon’s Computer Emergency Response Team (CERT) center examined the psychological, technical, organizational and contextual factors that lead to insider sabotage. CERT made six critical observations about IT staffers who attack their own organizations. So you could be in trouble if you’ve got:
1. Problem children. Most saboteurs have personal problems (debt, alcoholism, anger and impulse control difficulties) that contribute to their malicious acts.
2. Organizational disruption. In most cases, stressful events, including run-ins with the boss, reorganizations and organizational sanctions, precipitate insider IT sabotage.
3. Bad attitudes. Behaviors to worry about include tardiness, argumentativeness, poor job performance and security violations. These are often observed before and during insider IT sabotage.
4. Insecure systems. Before sabotage occurs, insiders often do things like create unauthorized backdoor accounts. Acts such as those should put you on alert.
5. Dicey downloads. If you discover someone downloading password crackers, chances are, he’s going to use them.
6. Missing locks. Sabotage is facilitated by lack of controls for physical access (to rooms or buildings) and electronic access (to computing and network resources). 079643
