Rome did not collapse due to external enemies but due to inward corruption. In the same way, IT companies can collapse from threats from within. Employees or former employees have the access needed to sabotage an entire information system, if the administration is not careful. So how do IT companies avoid such risks? The answer is not so much in dealing with security in the network, since high-level access will still have to be granted to somebody. It is more of keeping the relationship of the employee to the company intact, and knowing when that relationship has come to an end, as in the case of resignation or termination.
There are symptoms of possible insider threats, and they can be recognized by the employee's behavior. The following is a list of these symptoms, which may not be comprehensive but helpful:
- Sensitivity to criticism & needs for attention
- Chronic frustration & feeling unappreciated
- Difficulties controlling anger with bursts of inappropriate temper
- Chronic sense of victimization or mistreatment
- Chronic grudges against others
- Grandiose/above the rules
- Subject is avoided by others or they “walk on eggshells” around him or her
- Bragging, bullying, spending on fantasy-related items
- Compartmentalizes
- Lack of conscience, impulse control, empathy for others, social impact
One symptom may not mean that the employee is a threat, but these have to be kept in check by supervisors. The critical point in time when employees can become a threat is when they resign. Such is the case when the employee has access to internal systems from an external location, such as his house, a garage, or a Wi-Fi cafe'. Restricting or limiting access to the system is vital when an employee resigns from the company.
An employee is responsible for his or her own behavior. There are factors however, that will influence the employee towards a certain direction. Management does have a responsibility in maintaining company morale so it doesn't produce disgruntled employees.
A sabotage can occur in the form of a logic bomb. A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met. For example, a programmer may hide a piece of code that starts deleting files (such as the salary database), should he ever leave the company.
Manage your employees well. Maintain those relationships that will foster cooperation between labor and management.
References:
- A Risk Mitigation Model: Lessons Learned From Actual Insider Sabotage, http://www.cert.org/cert/
- Logic Bomb definition, http://en.wikipedia.org/wiki/Logic_bomb
