Protecting your business from insider threats in seven effective steps Why your organisation is currently defenceless

By Boaz Fischer on Nov, 10 2014

Trust Thy Co-Worker

Our everyday life is much stranger than we imagine, and rests on fragile foundations
– Paul Seabright, a professor of economics at the University of Toulouse

Trust Thy Neighbour. Love Thy Neighbour

Yes, we have grown up with such proverbs. But how well do they partake in today’s life and more importantly when it comes to trusting our colleagues within our corporation.

Never mind loving thy neighbour, many of us don’t even know who they are or lives next door.

And while we might cherish the idea of living in a warm and welcoming community, it seems that when it comes down to it, we have a hard time going out of our way for strangers.

Trust in society has been identified as very beneficial. However, trust is also very susceptible. In an article titled “Trust Thy Neighbour: Exploring Information Sharing in Anonymous Urban Settings to Support Trust Generation”(Peter Conradie , Stephanie Neumann and Jonas Breme article), they state there are two types of support trust.

  • The first type of trust is built on social identification and external information that aids risk assessment. Familiarity-based trust forms as a result of prolonged interaction with others. This type of trust is built through the identification of group similarities. It leads to higher trust between group members.
  • The second is built on Strategic trust, which is based on a calculation of outcomes. Establishment of this type of trust depends on referring to past experiences, or by getting references from others who have already performed similar transactions.

One might think a person is sincere and honest, but you won’t trust him or her if they can’t get results. This is typically typified by politicians (familiarity). They have abundance of intent, but rarely do they deliver results (strategic). Politicians rarely “walk their talk” as the saying goes.

ICT provides examples of these two types of trust. For example, eBay ratings are an example of strategic trust being supported through a reputation system. Buyers are given information about sellers in order to make a strategic assessment about their trustworthiness. Familiarity-based trust generation can be illustrated by users recommending or illustrating books and films.

What is an organisation?

An organisation is a “social invention” for accomplishing common goals. As such organisations have people who present both opportunities and challenges.

You probably have had the pleasure or displeasure of sitting through one or more job interview in your life. After all, the interview is one of the most common organisation selection mechanisms.

You may have also come across various different personality tests such as Myers-Briggs, psychometrics assessment and other which are designed to help organisations assess how well you would fit into their model.

Once a person has been selected to become an employee, that employee is then granted an “automatic” level of trust within the organisation.

Do you trust your boss? Whether or not you trust your boss and management probably has a lot to do with how much they support you?

But does trusting your boss leave you vulnerable? The Enron scandal, revealed in October 2001, eventually led to the bankruptcy of the Enron Corporation. It came about because Enron executives with the use of accounting loopholes, special purpose entities, and poor financial reporting, were able to hide billions of dollars in debt from failed deals and projects.

So, how much do you trust your co-workers or employees? Would you bet $400,000 on that? In a true story, a former employee at a bank in Queenstown, New Zealand was recently convicted and imprisoned after being found guilty of stealing more than $400,000 from her then-employer. Investigators found that the she began committing her inside-attack against the bank in 2010 and continued until 2013. Creating sixteen fictitious accounts with loans and overdrafts ranging from $12,000 to $120,000. Altogether, the amount totalled $402,386.

How was she able to steal such a large amount over such a long period of time? The bank trusted her .Co-workers at the bank felt guilty because they didn’t notice what she was doing and they felt like they had been manipulated by her. This can be common when a trusted member of an organisation abuses the freedoms they are given in a responsible position.

An organisation should be able to trust their employees. And that’s what makes user activity monitoring so essential. No matter how much you trust someone, it’s always a good idea to trust but verify. Your most trusted employees are the ones with the most opportunity to steal.

It seems astounding that an inside-breach could go completely undetected by bank authorities and team members at such a scope over an extended period of time.

Often times an organisation or team builds a certain level of trust and respect to the point where activity monitoring doesn’t seem like a top priority. It comes to pass that once a person becomes an employee, they become a well respected and trusted member of the organisation.

User based risk is one of the least understood and most uncomfortable security issues facing companies today. But it is a risk that must be addressed as 76% of reported security incidents involve accounts with access to sensitive data according to Verizon Data Breach Report.

Something to Think About

No matter how much an organisation trusts their employees, there should always be systems in place to verify that trust and help mitigate these user based risks.

To Find Out More

To learn more about mitigating user based risks to ensure your organisation data is protected, contact CommsNet Group - regarding user activity monitoring.