The Human Element of Insider Threats: A Strategy to Address Financial Hardship

By Findlay Whitelaw, Senior Director, Insider Threat Program, Solution Engineering

The current global economic outlook remains uncertain. With the war in Ukraine and the cost of living crisis continuing to impact social stability, it will inevitably have a knock-on effect on individuals’ financial health and well-being. 

Experiencing financial difficulties can have significant consequences for individuals, including mental health, emotional, psychological, and social well-being factors. Furthermore, within a workplace environment, individuals may feel overwhelmed and vulnerable and be susceptible to bribes or take opportunistic risks. They may be so desperate in certain situations that they feel that they have nothing to lose. In addition, if individuals think they are not fairly compensated for their contribution or are not given opportunities for promotion, they can foster feelings of dis-engagement, resentment, and disgruntlement. Within these conditions and situations, individuals could be tempted to steal data and IP, steal or misappropriate funds, and sabotage systems or data sources, increasing the likelihood of insider threats to an organization. Therefore, organizations must be cognizant of the evolving and emerging insider threat landscape and take proactive steps to support their workforce. Organizations also need to be mindful that these individuals will have legitimate access to sensitive information, systems, financial assets, and premises and could cause significant harm to the organization’s overall well-being and survival. It is important that organizations must identify and mitigate potential issues before becoming insider threat incidents.

In this blog post, we will explore how financial difficulties can increase the risk of insider threats and recommend what organizations can do.  There is a balance that needs to be achieved, not just to protect the organizational assets and reputation and consider the legal and financial implications, but also to do the right thing for and by their employees, acknowledging that employees are not immune to pressures caused by financial distress or financial hardship. 

Health and wellbeing support; a preventative approach

More often than not, when organizations are looking at designing their insider threat programs, it’s too easy for the default position to focus primarily on detective and security monitoring controls.  While I acknowledge and advocate that there is a place for detective controls and security monitoring, prevention is equally important and will help avoid potential insider threat incidents. Therefore, safeguarding your workforce’s health and well-being by addressing employee financial fitness is essential in proactively reducing preventable insider incidents.

Organizations should ensure that they destigmatize any misconceptions and educate and re-educate employees to ensure that negative perceptions about financial difficulty can be addressed and spoken about in an open and safe environment.  Fostering an inclusive environment and culture by talking openly and honestly, and demonstrating understanding and compassion, will go a long way to building trust and reducing the likelihood of individuals taking opportunistic risks within the workplace. It’s not feasible to expect that organizations can help solve employees’ financial problems, but ensuring that the right organizational environment and culture that drives empowerment and an understanding around negative feelings of shame that may surround this topic, is beneficial. By providing training and support, specifically focusing on employee financial well-being, and ensuring that employees are aware of potential risks associated with financial difficulties, organizations can address these risk factors with a positive, balanced, transparent, and proportionate insider threat strategy.

While it’s not an organization’s responsibility to provide financial assistance to employees, there are several ways that organizations can support individuals who are facing financial difficulties and hardship, including:

  • Provide training for line managers on conducting what may feel like difficult conversations around financial health and well-being with their team or individuals
  • Provide training on how to recognize when individuals may be experiencing financial hardships
  • Offer avenues of support, including connections to debt charities and partnering with local charities, that can help individuals and families in financial crisis
  • Partner with financial institutions that can provide advice and guidance on helping customers manage debt
  • Provide counseling services
  • Provide short-term crisis loans or facilities to get short-term advances on their pay
  • Offer flexible working schedules to accommodate or help alleviate financial pressures (i.e., childcare costs, time to meet with banks, attend counseling services, etc.)

Given the aforementioned potential insider risks, and despite preventative strategies and support in place, not all insider threat incidents are avoidable. While preventive measures and ensuring that the health and well-being of your workforce are paramount, this alone will not prevent or minimize the risk of insider threats.  Therefore detection security monitoring controls come into play.

Security monitoring as a detective control

There is no doubt about the importance of effectively managing the risks that insider threats pose to organizations; therefore, deploying security measures and monitoring is critical in detecting and reducing the risk of insider threats. Examples of these measures, but not exhaustive, include monitoring employee behavior to detect suspicious or abnormal activity, implementing strong access controls, identifying critical organizational assets and who has access to them, monitoring critical systems, platforms, and applications, deploying two-factor authentication for access to essential techniques, platforms, apps, and data, fraud detection controls, etc., are necessary. However, these types of technology-based insider threat detection approaches should also be supplemented and reinforced by:

  • Segmenting workforce populations, identifying who can cause significant harm (consider wrapping additional detective and preventative controls around the population)
  • Insider threat training and awareness programs
  • Employment screening, including both pre-employment and, depending on the role, ad hoc screening throughout tenure, reviewing criminal, credit, and fraud checks
  • Provide impartial ‘report lines’ so that suspicious behavior can be reported 
  • Robust security and insider threat policies
  • Known advanced leaver notifications processes

It is important to acknowledge that individuals experiencing financial difficulties do not automatically mean an individual will be an insider. Many individuals facing financial difficulties and hardship do not engage in malicious activity. Avoiding making assumptions based on financial circumstances is essential. Raising awareness of the current economic environment and discussing and recommending how organizations can create a workplace environment where employees are comfortable speaking about  financial challenges as part of their insider threat program deliverables is crucial to building trust. Destigmatizing personal financial challenges will promote open communication, reduce employee stress and anxiety, and increase trust and productivity, by providing employees with the resources and support they need to manage their finances effectively while protecting the organization’s interests. 

What is Network Detection and Response (NDR)?
4 Top Cybersecurity Trends for 2022
The Different Types of Insider Threats and How to Stop Them
A Practitioner’s Perspective of DevOps: Keeping Systems Updated