An Oil and Gas company experienced an outing of one of its servers which completely paralysed its email system. The detection of the origin of the outing led to a third party contractor agency in an offshore location. The company was going through major personnel reductions at that location and the subject in question felt badly treated and generally victimised by the organisation. He also believed it was a major mistake to let him go as he believed himself to be an important asset to the organisation. By causing considerable damage, the subject felt he demonstrated his importance and the mistake the organisation has made by letting him go.
The sabotage committed by the subject had mainly an economic impact for the company. However, it could easily have been worse, as such a company deals with very sensitive systems and classified and competitive data. Thus the impact of disgruntled employees could potentially be catastrophic. Apart from the investigation into the derailment of the subject, the company needed a thorough assessment of the wider insider risk issues and gaps across its businesses, countries and contractors.
The first step towards a sustainable solution starts with a baseline assessment of the risk profile of an organisation as a whole and its risk prevention and mitigation readiness. Signpost Six captures this in seven steps of an insider risk scan. This basis provides a tailor made road map for proportionate and risk based improvements within an organisation. For large organisations that deal with sensitive information and experience high risks of insiders (and potentially high impacts), Signpost Six provides ‘top-up’ screening programmes (specifically focusing on personal predispositions or vulnerabilities) and tailor-made e-learning programmes for employee groups who need to be aware of behavioural signs, the path to derailment, and actions to take to alert the organisation. We typically collaborate in such programs with companies that provide online detection solutions.