Workers who sabotage corporate systems are almost always IT workers who exhibit specific negative office behaviour, according to recent research.
That is the conclusion of the US military in conjunction with Carnegie Mellon University’s Software Engineering Institute Computer Emergency Response Team (CERT) program, which together analysed insider cybercrimes across a variety of critical industry sectors.
The research suggests that potential troublemakers should be easy to spot. Nearly all the cases of cybercrime investigated were carried out by people who were "disgruntled, paranoid, generally show up late, argue with colleagues, and generally perform poorly".
According to the research, 86% of those who committed cybercrimes held technical positions and 90% had system administrator or privileged system access. Almost half (41%) of those who sabotaged IT systems were employed at the time they did it, but most crimes were committed by insiders following termination. Most incursions (64%) involved virtual private networks (VPNs) and old passwords that had never been terminated, highlighting a lack of security controls and gaps in the affected organisations’ access controls.
As a result, Carnegie Mellon has developed a methodology that it said can help detect insider threats as early as possible, involving management, IT, human resources, security officers, and others who "must understand the psychological, organisational, and technical aspects of the problem, as well as how they coordinate their actions over time".