What drives malicious insiders to actively steal and spy

Contributed Article
November 15, 2020 6:09 am
Matt Walmsley, EMEA Director, Vectra.

Analysing the psychological underpinnings of an insider threat case is a complex undertaking because there is little evidence and scant public data about insider threat incidents.  The fraud triangle theory focuses on the triggers that lay the groundwork for the insider to turn. In contrast, the multiple life-stage model considers a much longer timeline, including the period before, during and after an attack. Similar to the fraud triangle, the multiple life-stage model starts off with sensitisation and stress stages. Hurtful experiences in childhood may scar and sensitise, but do not necessarily lead to insider spying.

Beware of the personal bubble

In the fraud triangle, when the rationalisation of potential spying or theft kicks in, the insider creates a personal bubble within which everything makes perfect sense and the actions are clear and justified. A possible sense of inner failure to face climactic stress is denied and blame is projected outwards to colleagues, the workplace or life circumstances.

The insider creates a plan of payback within the personal bubble, where money problems are solved and pressures are relieved through one simple, completely justified action. At this stage, if a third party is involved in the insider spying or theft, little or no recruiting effort is needed because the insider reaches out and self-recruits in an effort to relieve the inner pressure. The climax and decision typically occur within a short timeframe of 1-2 months.

Honeymoon and a cold shower

Once the decision is made, the malicious insider enters the honeymoon phase where there is a feeling of relief and resolution of financial pressures, work stresses or family problems. Everything makes perfect sense now within the personal bubble.

However, once the pressure is relieved, reality kicks in. The personal bubble was created and decisions were made while the insider felt intense inner pressure. Once these pressures are relieved, the reasoning that made complete sense earlier is suddenly hard to follow. The insider is left with a shocking cold-shower sense of what was I thinking!

No way out

There is no way back for the malicious insider. Because the decision to steal confidential information or spy on an organisation is highly unacceptable and punishable by law, the insider has no way back to the old reality of a normal life.

Malicious insiders will actively steal and spy for some time and might enter what is called a dormancy stage, where there is no activity. For some, the public revelation of their actions might constitute a demonstration of their technical abilities and sophistication. For others it’s another shameful point of failure in life.

The final stage of punishment, which in most cases involves imprisonment, is often the first time they reflect on their actions. Previously torn between comparison to others, life pressures, and opportunities, isolation will eliminate these distractions and provide a more realistic view into the insider’s life, poor choices and consequences.

Matt Walmsley, EMEA Director, Vectra.
Matt Walmsley, EMEA Director, Vectra.

Key takeaways

  • Hurtful experiences in childhood may scar and sensitise, but do not necessarily lead to insider spying.
  • The insider has no way back to the old reality of a normal life.
  • Malicious insiders will actively steal and spy for some time and might enter what is called a dormancy stage.

 

Tags: