Why do People Cheat?
To understand the insider threat, one must understand “why do people cheat?”
If you were to ask elementary school students, it’s simple: they didn’t think they’d get caught. However, this differs from intent – that is nearly always about personal gain. In the case of students, they want to get good grades, or keep their parents off their back. Some have simpler reasons – they don’t want to feel insecure. In this simple case, the risk/reward equation is skewed towards reward – very few cheaters get caught.
For cybersecurity and risk professionals, we have to understand motivation to detect cheating before it happens.
The Types of Insiders
According to Gartner, there are three desires of insiders: second streamers, saboteurs, and career launchers. These overlay on types such as goofs, pawns, collaborators, and lone wolves. Starting with the desires, second streamers are common in government, procurement, and roles which process money. They could use traditional theft or cyber means combined with insider action, motivated by greed. For example, a treasurer redirecting payments to their personal accounts. These folks work alone – as lone wolves – and often continue until they get caught.
Career launchers have an end goal in mind – get another job, or accelerate their success at a new employer. They must collaborate to kick off new companies, and become the most widely publicized insider cases, since they often result in lawsuits between companies. This week, Tesla sued Rivian for using the intellectual property stolen by its former workers. Further back, Uber sued Google (Waymo), and in 2009, in an oft-forgotten case between Starwood Hotels and Hilton, former Starwood employees attempted to start the “Denizen” brand to mimic W Hotels (interestingly, this was a trap set by Starwood). In each of these situations, ex-employees violated confidentiality and non-compete agreements.
The saboteurs are fast becoming the most financially destructive group. They are driven by anger, political motivation, and hatred – it is rare to see any personal gain from their actions. Even in cases where they disrupt business to allow others to succeed, the only way they see “gain” is if they’re a hired computer hacker. Cyber professionals should be wary of social justice – “ethical” saboteurs now have a powerful excuse that they’re doing it for a greater good. This is troubling.
To Catch a Thief
With the flight to “work from anywhere” (and on the heels of “work from WeWork”), detecting insiders through accidental slip-ups and human nature has been hindered dramatically over the past year.
Career launchers are often the most egregious to detect, either through missteps or human nature. Now that people can hide behind their home internet and switch computers, phones, and tablets, catching someone in the act is troublesome. The same holds for second streamers. No office mate is lurking in the kitchen, and fast internet allows people to double- or triple-dip anonymously.
Ultimately, more advanced techniques are required. But these come at a massive expense to buy, implement, and operate.
There is a Better Way
Trying to find these bad actors is nearly impossible. Social media monitoring – including Twitter – is like locating a star in the far reaches of the universe. We need to plug the gap: prevent people from having access in the first place, or from keeping it after their access should have expired. What happens if we do not do it? It will come back later to haunt us. And organizations do not want to find out the damage to their reputation, the cost to repair, or the hassle to remediate. (More to come on this topic in subsequent blogs.)
YouAttest automates the creation and review of these access reviews. To learn more about YouAttest, please register for our next webinar, Insider Threat and Access Reviews. Or write to us at firstname.lastname@example.org.