GCU hosts major seminar on 'Insider Threat' in the workplace
Security experts from major public and private sector organisations have examined the threat posed by rogue employees at a seminar hosted by Glasgow Caledonian University.
Counter fraud specialists, forensic accountants, and cybersecurity technicians joined academics and researchers from the US and UK who specialise in the area of Insider Threat mitigation.
Insider Threats can range from accidental disclosure of confidential information, misuse of social media and petty theft, through to fraud, corruption, bribery, and industrial espionage.
A study of 1600 cases, carried out by Carnegie Mellon University CERT/SEI, in Pittsburgh, which was represented at the conference, shows disgruntlement, financial pressure and coercion are common themes in many of the cases.
Professor Rona Beattie, from Glasgow Caledonian University, said: "There is the potential for employees for a range of reasons to pose a threat to their organisation from innocently, though carelessly, disclosing data, perhaps in response to emails or in social media, to more malevolent acts such as fraud or embezzlement.
"Good employee health and wellbeing programmes, line manager training and HRM support can prevent what is fundamentally a welfare issue becoming as Insider Threat which could cause significant reputational and financial damage."
Research produced by Professor Beattie and Dr David BaMaung calls on HR departments to implement on-going performance reviews, mentoring schemes, wider pre-appointment vetting and updated background checks when promotions are offered, to mitigate the risks.
Dr BaMaung, who works for the Specialist Crime Division at Police Scotland and is an Honorary Professor at GCU, said: "Combating the threat from insider activity is a constantly evolving challenge.
"Key to this is understanding your threat, and developing a holistic response to it including involvement from Human Resource Management, risk, and security functions, as well as line and senior managers. Organisational culture is also key to the development of a sustainable solution to mitigate against insider vulnerability."
Andy Moore, from CERT/SEI, provided a keynote presentation on the use of Positive Incentives to mitigate against Insider Threat. Another keynote presentation was provided by Shannon Wasko, John Hopkins Applied Physics Lab, on the US SCITE Insider Threat programme.
The day-long research seminar was chaired by retired Detective Chief Superintendent John Cuddihy, former Head of Crime and Counter Terrorism at Police Scotland.
Mr Cuddihy said: "Insider threat is a corruption enabler. It is a whole of society problem, requiring of a whole of society approach. It manifests itself through the exposure and exploitation of an individual's or organisations vulnerabilities.
"No one person or organisation is immune from experiencing difficulties in life, however by developing and building trust between the employee and the employer we will better protect ourselves against this threat.
"Addressing the problem is about first recognising that Insider Threat is a risk that has to be managed and mitigated. The best vehicle for delivering this culture of trust is Human Resource Management, and if approached in this way, will serve to enhance the safety, health, and well-being of the staff and the organisation."