In the previous post, we examined the motivations and constraints that make an insider 'malicious,' and we saw that external and mental pressure, an opportunity to steal confidential information and rationalization of the potential theft are the factors that contribute for an insider to turn against his employer.
While these three factors are necessary triggers for becoming malicious, there is much more going on in an insider's mind before, during and after an attack. What are the mental stages that a 'turning' insider goes through? And what are potential indicators for each stage?
Analyzing the psychological underpinnings in an insider threat case is a very complex undertaking, particulary because there is very little evidence and publicly available data about insider threat incidents. David L. Charney wrote an interesting white paper providing insights into the true psychology of the insider spy.
Charney is a trained psychiatrist and had the opportunity to interview several highly ranked imprisoned US government insider spies including Robert Hanssen (FBI) and Brian Regan (Air Force). Based on his interactions with several insider spies he developed a multiple life-stage model of the psychology of the insider spy.
It all starts with sensitization and stress
As we have seen, the Fraud Triangle theory focuses on the actual triggers that lay the ground for the insider to turn. In contrast, the multiple life-stage model described here considers a much longer timeline, including the period before, during and after an attack.
Similar to the Fraud Triangle, the multiple life-stage model starts off with sensitization and stress stages. Hurtful experiences in childhood may scar and sensitize, but do not necessarily lead to insider spying. Additional stressors in work and private life (e.g., IRS audit, divorce, demotion) that occur in a short timeframe (6-12 months) may develop into a stress spiral that, along with a deep sense of being underprivileged, may open an individual to certain "opportunities." The actual decision to take action is made when the stress becomes unbearable either in professional or personal life, or both.
Beware of the personal bubble
As we have seen in the Fraud Triangle, when the rationalization of potential spying or theft kicks in, the insider creates a personal bubble within which everything makes perfect sense and the actions are clear and justified. A possible sense of inner failure in facing the climactic stress is denied and blame is projected outwards to colleagues, the workplace or even just life circumstances. The insider creates a plan of "paying back" within his personal bubble, where money problems are solved and pressures relieved through one simple, completely justified action.
At this stage, if a third party is involved in the insider spying or theft, little or no recruiting effort is needed because the insider reaches out and self recruits in an effort to relieve his own inner pressure. The climax and decision typically occur within a short timeframe of 1-2 months.
Sign up for CIO Asia eNewsletters.