Workers who sabotage corporate systems are almost always IT workers who exhibit specific negative office behaviour, according to recent research.
That is the conclusion of the U.S. military in conjunction with Carnegie Mellon University’s Software Engineering Institute Computer Emergency Response Team (CERT) program, which together analyzed insider cybercrimes across a variety of critical industry sectors.
The research suggests that potential troublemakers should be easy to spot.
Nearly all the cases of cybercrime investigated were carried out by people who were “disgruntled, paranoid, generally show up late, argue with colleagues and generally perform poorly.”
According to the research, 86 per cent of those who committed cybercrimes held technical positions and 90 per cent had system administrator or privileged system access.
Almost half — 41 per cent — of those who sabotaged IT systems were employed at the time they did it. Most crimes, however, were committed by insiders following termination. Most incursions — 64 per cent — involved VPNs and old passwords that had never been terminated, highlighting a lack of security controls and gaps in the affected organizations’ access controls.
As a result, Carnegie Mellon has developed a methodology that it said can help detect insider threats as early as possible. It involves management, IT, human resources, security officers and others who “must understand the psychological, organizational and technical aspects of the problem, as well as how they coordinate their actions over time.”