The Human Element of Insider Threats – Discovering Psychological Drivers

By Findlay Whitelaw, Senior Director, Insider Threat Program, Solution Engineering

We previously discussed threat profiles through our recent webinar, supported by the recently published eBook – Five Insider Threat Profiles, which describes each insider threat profile’s characteristics, behaviors, actions, and valuable analytical indicators. This blog post will build upon this and focus on psychological factors that contribute to insider threats. Understanding the human behavior and motivations behind these cases is important to fully consider a human-centric holistic insider threat program strategy. I say this amid mass organizational disruptions through cost control and reorganization exercises that we are witnessing against an already challenging economic backdrop of a cost-of-living crisis. This makes today’s exam question of what motivates individuals to steal, leak sensitive information or cause harm to organizations by exploiting their legitimate access to organizational critical assets (including premises, systems access, resources, intellectual property, and sensitive data) even more current and pressing.

While there is undoubtedly a place for technology-based security solutions, as discussed in my recently published article, “The Human Element of Insider Threats: A Strategy to Address Financial Hardship”, which recommended preventative and detective measures and controls, it is also important to understand and recognize the psychological factors that motivate or catalyze individuals and make them more likely to become insider threats to organizations.

As previously mentioned, under today’s economic climate and cost of living crisis, financial pressures are certainly one of the key drivers and a powerful motivator, especially if there are prospects of financial gain. Typical acts or cases see individuals stealing money, misappropriating organizational funds, stealing valuable assets or IP, or exploiting their legitimate access for personal or financial gain for a third party, such as an organized crime gang.  

External pressures

External influences, which psychosocial pressures can drive, are among the most underestimated insider factors. Notwithstanding the aforementioned financial pressures, such as debt and fear of unemployment, several other factors can go unnoticed within an organizational environment. However, these can have significant and devastating impacts on individuals and organizations. Drivers can include:

  • Family obligations and responsibilities: An individual may feel under pressure due to caregiving responsibilities, trying to balance caring costs, emotional stress, and work commitments.
  • Relationship challenges: Personal relationships are complex and can have less than healthy impacts on individuals, and can manifest in several ways, including:
    • Loyalty conflicts
    • Coercion
    • Emotional distress 
    • Social engineering, social media, and online socializing

Individuals who feel pressured or manipulated, who are in a dysfunctional relationship or under duress, or who have been duped may disclose sensitive information, steal information or resources, or commit acts of sabotage because of their personal and romantic relationships, friendships, or broader connections, including digital connections.

Challenges within the corporate perimeter

Furthermore, internal to organizations, interpersonal challenges can manifest in multiple ways. They can be diverse, complex, unpredictable, and come with many challenges depending on the situation and context; examples can include:

  • Workplace cliques, social networks, groups, or inner-circles
  • Personality clashes, personal disagreements, conflicts
  • Communication challenges, misunderstandings
  • Cultural differences
  • Power dynamics
  • Harassment and bullying
  • Discrimination or prejudice

Although not an exhaustive list, the challenges mentioned above can create a workplace environment that can lead to individuals feeling disengaged, mistreated, disrespected, excluded, and isolated, creating a lack of trust and propagating a culture of toxicity.

Occupational and performance pressure is also a contributing factor: measures and KPIs can drive behaviors with unintended consequences, especially if goals and performance are incentivized or monetized. The financial crisis of 2008 is a case in point: financial institutions were incentivized to pursue risky investments and take on high levels of debt to meet performance targets in order to maximize profits. This also highlights how organizational culture plays a significant role in the survival and reputation of organizations: inappropriate risk management and oversight resulted in high risk-taking decisions and a lack of transparency and open communication, which in turn resulted in the financial crisis of 2008.

Achievement and personal success may, conversely, drive some individuals who demonstrate impulsiveness and a strong desire for recognition, status, promotion, power, control, and attention to achieve their goals. This behavior sees individuals prioritize their own gain over the greater good of the organizational purpose. Here, unethical or, at times, illegal conduct, such as insider trading, data theft, data manipulation, falsification, tampering, or distortion, can occur.

Revenge or disgruntlement is also a significant risk, especially when the organizational culture is toxic, with poor leadership, lack of trust, communication, and openness, all of which make individuals resentful or disgruntled working in these conditions. Revenge or disgruntlement can become amplified when there is a significant change, for example, restructuring and redundancies, where job preservation and economic survival are essential to individuals’ livelihoods. 

Extreme ideological or political beliefs are also motivators. These can be born from radicalization, loyalty to a cause, disillusionment, and personal biases, particularly where individuals want to expose perceived wrongdoing within organizations, or where individuals have been socialized or have had personal experiences of trauma or discrimination. These can result in the development of extreme views and in harm being intentionally inflicted for the sake of the cause.

Organizational cultures that promote good insider threat management practices, including understanding the psychological drivers that can be a catalyst of insider attacks, often incorporate a human-centric approach when deploying their insider threat program. This will help address unique risks from individuals, help inform organizational policy, culture, procedures, and technology choices, and set strong ethical foundations. Prioritizing the well-being of employees will subsequently support insider risk mitigation efforts. Strong, transparent, open leadership that fosters a positive work environment through sincere employee support, as recommended in my recent blog, “The Human Element of Insider Threats: A Strategy to Address Financial Hardship,” also applies here.

While psychological factors are harder to detect from an insider threat perspective, there are often associated behavioral indicators that enable early detection or raise red flags for anomalous behavior. These include, for example, changes in working patterns, enhanced system access requests, escalation of privileges, changes in communication styles, and deviations in communication patterns. These indicators are easily detected in real time through our UEBA out-of-the-box policies, giving security analysts time to respond as they occur and preventing insider threats such as flight risk, out-of-hours activity, data exfiltration, and privilege misuse from causing significant organizational harm or damage. If you would like more information on setting up or strengthening your Insider Threat Program, or would like to request a product demo, please contact us at [email protected].
