
Cyber Summit 2016: Insider Threat Indicators: Human Behaviour



Serious threats to private and governmental organizations come not only from the outside world but also from within. Some employees and contractors with legitimate access to buildings, networks, assets and information deliberately misuse their privileged access to cause harm to their organization. What are the reasons behind their actions? Is it debts, greed, ideology, disgruntlement, or divided loyalty?

Regardless of their motivations or vulnerabilities, traitors have very similar types of personality and display a certain pattern of behaviours before committing an insider incident. As a prevention measure, it is vital that organizations and employees understand, recognize and detect the common indicators of insider threat. Would you recognize the signs?

Mario Vachon is an Insider Threat Security Specialist with the RCMP Departmental Security Branch.

Published in: Technology

  1. Insider Threat: «HUMAN BEHAVIOUR». Sgt. Mario Vachon, M.Sc., Insider Threat Security Specialist, RCMP Departmental Security Branch. Cybera Cyber Summit: Using Technology Responsibly, Banff, Alberta, October 27, 2016
  2. A National Strategy Built Upon Four Pillars: «Building a Culture of Security». Protected B
  3. A Trusted Employee
     • “The thief who is the hardest to detect and who can cause the most damage is the insider. It is the employee with legitimate access” US Federal Bureau of Investigation (FBI)
     • “Who has the most knowledge about your organization, its vulnerabilities and the value of its information? Those inside or outside? Clearly employees are well placed to compromise your data” Dr. S. Kabilan, Conf. Board of Canada
  4. Insider Threat: Who Poses the Biggest Threat? Figure 1: The Largest Risk to an Organization, percentage by user group (2015 Vormetric Insider Threat Report). User groups charted: Privileged Users; Contractors / Service Providers; Business Partners; Ordinary Employees; Executive Management; Other IT Staff. Values shown (percent): 55, 46, 43, 35, 28, 25. Photo, from left: Edward Snowden, Chelsea Manning & Jeffrey Delisle
  5. Insider Threat: Understanding the Traitor / Mole / Spy
     • They changed over time
     • Almost all were trustworthy and loyal when first given a security clearance (security screened, interviewed, polygraphed)
     • Majority volunteered their services to a foreign government. They were not enticed, persuaded, manipulated or coerced
     • The usual suspects are …
     • 70%: Mostly male, 30 to 50 years old; Middle management; Emotional, personal crisis; Unhappy; Work frustrations
     • 30%: Mostly male, 20 to 26 years old; Entry to low management; Immature, impulsive; Unhappy; Ideological view, whistle-blower
  6. Insider Threat: The Usual Suspects … with access to facilities and networks … with access to sensitive information and ideological views, marital, financial difficulties and/or substance abuse … with privileged access. 80% vs 20%
  7. Insider Threat: Pathway to Commit an Insider Attack. Detection of Risk Indicators: 1. Personality Disorders; 2. Stressors; 3. Concerning Behaviours. Intention; Volition. (2016 - Sgt. Mario Vachon, M.Sc., RCMP Insider Threat Security Specialist)
  8. Insider Threat: 1. Personality Disorders / Predispositions: Antisocials; Psychopaths; Opportunists; Narcissists
  9. Insider Threat: 2. Stressors
     • Financial: Pressure / Poor Financial Responsibility / Greed
     • Life Crisis: Personal / Marital / Family / Death / Illness
     • Work Issues: Frustration / Cynicism / Vengeance / Grudge / Injustice / Spite / Disgruntlement / Conflict / Disappointment
     • Legal Issues: Administrative / Civil / Criminal
  10. Insider Threat: 3. Concerning Behaviours
     • Personal Conduct: Immature / Violence / Immoral / Bias / Retaliatory / Deviant / Dishonest / Lack of Integrity / Manipulative / Impulsive / Poor Judgment / Security & IT Policy Violations
     • Divided Loyalty: Political / Country / Association / Social Network / Employer
     • Ideological: Radicalization / Religion / Terrorism / Beliefs
     • Egotistical / Entitlement
     • Exploitable / Vulnerable Lifestyle: Alcohol / Drug / Gambling / Sexual Paraphilia
  11. Insider Threat: UK Insider Threat Study, 5 Types of Insider Activities (2013 CPNI Insider Data Collection Study, Centre for the Protection of National Infrastructure)
     • Types of activity: Unauthorized Disclosures; Corruption; Facilitation of Third Party Access; Physical Sabotage; IT Sabotage / Hacking
     • Infographic labels, in slide order: Male; Age; 60% committed by employees with less than xx years of service; 82%; 31 - 45; Permanent Employees 88%; > 5 years
     • Primary Motivation, in slide order: 20%; 47%; 14%; 14%; Financial; Ideology; Recognition / Ego; Loyalty
     • Self-Initiated 76%; Female 18%
  12. Insider Threat: Can you find the Insider? (Photo by: Don Tudd, Topsy Farms, Ontario)
  13. «Detection of Risk is useless without Resolution of Doubt». Sgt. Mario Vachon, M.Sc., Insider Threat Security Specialist, Departmental Security Branch, Royal Canadian Mounted Police, (613) 843-5557