VIEW 19
Threat actors: Rogue employees
A common statistic states that some 90% of all cyber security breaches are caused by human error of some type. At the most basic level, this could just be an employee mistakenly sending confidential information to the wrong recipients - known as a ‘fat finger’ error from hitting the wrong key on the keyboard. Then there are phishing attacks which exploit human curiosity; an employee clicks on an innocent looking email that piques their interest and so installs malware unintentionally. Drive-by cyber-attacks trick conscientious executives who put in that extra hour of work in the airport lounge over insecure local WIFI connections. (Note to self: keep off the laptop and head for the snacks!)
Spotting a rogue employee
All the above are examples of unintentional errors, but we should also recognise that there are sometimes rogue employees in organisations who deliberately cause a cyber breach. How would you spot such a rogue employee? Psychologists agree that they share three personality traits. First, they have narcissistic tendencies with an over inflated sense of self and a need to feel superior if their ego is threatened. Second, they have a Machiavellian mind set; a cynical world view where unprincipled behaviour is acceptable because the end justifies the means. Last, they display psychopathic tendencies, impulsively seeking thrills while disregarding other’s feelings.
This type of analysis puts all the blame on the individual but note that corporate culture has an important role to play too. There are five factors in the corporate environment that can trigger destructive behaviour in employees as identified by Furnham and Taylor in their book “Bad Apples”. The first trigger is an uncaring company atmosphere where bullying is rife and employees feel downtrodden. The second is unmet expectations where promises made during the interview process are not upheld. Third is corporate hypocrisy, a huge rift between the CEO’s vision statement on the website and the reality of daily work. In this environment, words clearly don’t match deeds. Fourth is a lack of trust, managers are suspicious of workers and vice versa. Last is a high level of inequality where employees receive vastly different treatment; loyalty and diligence is unrewarded while sycophants are promoted.
Any organisation where these five factors are characteristic of the corporate culture is creating a toxic brew that is bound to produce malicious behaviour from rogue employees. Thankfully, all five factors are completely within the compass of corporate control. The best route to reducing rogue employee risk is therefore clear.
