Malicious insiders may want to sabotage your business – are you at risk?

Tuesday, September 13, 2016

David Biros, associate professor of Management Science and Information Systems

We all know that one employee who’s narcissistic, avoidant and disgruntled, but did you know that one employee could take down an entire company?

The biggest problem in information security for many years has been malicious insider threat. These insiders have the knowledge and the access to organizational resources to easily launch attacks on the host organization, even causing more damaging impact compared to outsiders.

By using a database of problems collected from various business organizations, intelligence agencies and military units, Oklahoma State University associate professor David Biros and PhD student Peter Liang were able to discover some common themes to help pinpoint threats to security.

“In our data set of 700, we used text-mining to analyze more than 133 real-world cases of offenders in various organizational settings to find what malicious insiders look like and found significant characteristics,” Biros said. “A vast majority of the malicious offenders were narcissistic, anti-social, displayed avoidant behavior, were disgruntled and typically had substance abuse issues.”

Their findings, recorded in their research paper, “An Empirical Validation of Malicious Insider Characteristics,” were timely. An independent, nonprofit information security association, ISACA, released a survey of more than 3,000 information security professionals that cited the main concern of organizations was insider threats. In the past, research and data in this area has had little prominent success due to small sample sizes. With Biros and Liang’s results and larger sampling size, research in the field of information security became even more important.

So, what causes insiders to turn malicious on their organization?

“A lot of the times, the insider is disgruntled; they have some emotional issues toward the organization,’ Liang said. “It can vary, but a lot of the times the motivation is money. A foreign government might offer them money to steal information. But a lot of the times, the employee is just so narcissistic and disgruntled about the company that he or she feels the need to ‘get back at’ the organization for inflicting emotional stress.”

“Previous research in the area focused on disgruntlement as the motivation behind the sabotage, but that wasn’t the case in our research,” Biros said. “Actually, when you survey the ‘normal’ population, almost 70 percent of the respondents are disgruntled about their employer. Everyone is disgruntled, but that doesn’t mean they are malicious. Correlation does not always equal causation.”

Their research paper was accepted for publication in the Journal of Management Information Systems. Biros and Liang plan to continue this research by comparing malicious insiders versus benign insiders such as CEOs and presidents of the organization, who may be narcissistic but not malicious.