Understanding Your Threat from Within
In today’s interconnected world, businesses face numerous challenges in protecting their valuable assets. Whilst external threats like cyber-attacks and physical breaches often dominate the headlines, one area that deserves equal attention is the risk posed by the beating heart of organisations: their workforce.
The psychology of insider risk delves into the motivations, behaviours, and mindset of individuals within an organisation who pose a threat to its security. In this blog, we will explore the intricate dynamics behind mental health and insider risk, shedding light on why it is essential for organisations to understand this aspect of security.
Who We Are
At Signpost Six, we are a team of experts who assist organisations in protecting their assets and employees before the demands of modern society derail them psychologically. With mental illnesses increasingly stigmatised and economic and professional challenges affecting a growing number of individuals, insider risk has been on the rise. By examining the psychology behind insider risk, organisations can proactively identify, manage, and mitigate potential threats whilst also improving the working culture and environment for their employees.
The Role of Mental Health in Insider Risk
Many individuals who perpetrate insider acts suffer from a personal predisposition, following Shaw and Seller’s critical pathway to insider risk. These can include a history of psychiatric disorders such as anxiety or depression, and maladaptive personality traits like narcissism, usually imprinted through difficult and traumatic events and upbringings. Organisations must, of course, conduct thorough screening to identify whether a candidate has a history of rule violations, for example, which are becoming increasingly common but also increasingly regulated.
Case Studies
There are several instances where the perpetrators had shown clear personal predispositions towards potentially committing an insider act. Aaron Alexis, a former Navy reservist, and then a Navy sub-contractor, murdered 12 individuals at a Navy base after being reported for various instances of paranoia and actively seeking psychological help. Another case is that of Chelsea Manning, who leaked thousands of sensitive military documents via WikiLeaks. Manning had a troubled childhood, suffered from gender dysphoria, and had been referred to an army mental health counsellor.
Stressors
Another component of the critical pathway involves stressors. These are a series or instances of events which can trigger a personal predisposition and lead individuals to act irrationally and display concerning behaviour. Here, we will focus on professional stressors. Such stressors, including redundancy, low pay, and frequent organisational change, can trigger grievances towards an (ex-)employer or colleagues. For example, studies have found that in 78% of cases of insider espionage, the perpetrator experienced a negative work-related event.
Case Studies
Ricky Joe-Mitchell represents a case fuelled by professional stressors. After learning he had been made redundant, Mitchell reset his employer’s (EnerVest) server to factory settings, halting communication and operational activities for 30 days, amounting to a cost of £1 million. Ian Parr represents another similar case, where a redundancy notice led him to a “moment of madness to strike out at his employers“, attempting to transfer sensitive military knowledge to foreign clandestine services.
The Cost of Ignorance
However, even without the occurrence of an insider act, the reputation of an organisation can be at risk if a poor working environment is cultivated. Overwhelmed with work, an EY employee took her own life after having to return to work following an after-hours drinks session. An independent review triggered by this shocking event found that 15% of employees suffered from corporate bullying, 10% experienced sexual harassment, and more than 20% considered leaving due to long working hours. More notably, employees expressed a complete lack of trust in reporting mechanisms for personal or professional stressors.
Countermeasures
Redefining and changing our perspective on the role that mental health and psychology play in insider risk is a crucial step organisations must take to secure their assets and people. By creating greater awareness of mental health and crafting a safe space for employees to come forward with challenges they may be facing, the likelihood that personal predispositions or stressors become critical security risks for organisations can be significantly reduced. Coupling this with creating a security-conscious culture, implementing robust security measures, and leveraging technology all contribute to minimising the potential harm caused by insiders. By adopting a comprehensive approach that combines human understanding with technological solutions, organisations can safeguard their assets, reputation, and future growth in an increasingly complex threat landscape.
Take the Next Step in Insider Threat Mitigation
Concerned about insider threats within your organisation?
Book a meeting with our experts today to develop a tailored strategy that safeguards your organisation's integrity and intellectual property
Book a Meeting
Author: Lucas Seewald
Marketing Specialist
lucas.seewald@signpostsix.com
Author: Enrico Henriksson
Insider Risk Intern
enrico@signpostsix.com