Applying insider threat detection during the hiring process

I'm currently responsible for filling a couple of security positions at my company, and both will have access to our customers' sensitive data. Needless to say, I've been worried about the much-hyped insider threat during this process. Do you have any tips on how to screen potential hires for such sensitive positions? How deeply should we try to dig into backgrounds? Or, is it better to offload to a third-party, and if so, what do we ask them to look for?

The insider threat is receiving a lot more attention today due to the news regarding Edward Snowden and the information he leaked from the NSA. This leak demonstrated that data breaches caused by insider threats can be much more devastating than more common breaches caused by external factors. After all, insiders have direct knowledge of the most sensitive information in your organization, and the authorization to access it. This is especially true for employees who work in information security, so employers need to develop insider threat detection programs to establish: 

• Screenings for personality traits

These traits include factors such as moral ambiguity and the ability to overcome inhibitions. The insider-threat-prone candidate may even demonstrate risk-taking behaviors in other areas of their life. There may also be a sense of self-importance, to the point of arrogance present in the person. All of these characteristics can be detected through structured interviews or standardized personality testing. Smaller companies may want to use a third party if they do not possess this type of expertise in house.

• Background and financial record checks

Other factors that lead to insider threat behavior can be discovered through background and other financial record checks. People with financial difficulties due to excessive gambling or spending tend to be more susceptible to committing an insider threat than those without the same history. It is often found that perpetrators have had prior disciplinary issues on the job as well. An unhappy family life or other interpersonal difficulties can also be a strong correlation to insider threat behavior. 

• Plenty of controls

There is potential for insider threat even with personality screening and background checks in place. This is why organizations should also implement strong controls that limit the possibility of insider threat. An organization should restrict access for employees to limit the number of permissions necessary to perform their job duties. Enterprises should also monitor employees who have access to sensitive information and require another employee's approval for access to sensitive operations. Organizations may want to reduce or eliminate remote access for employees who have access to important data.

Risks are only going to grow as organizations amass larger datasets full of sensitive information, making insider threat detection more essential. Companies can implement on-site personality screening or use a third party to identify potential insider threats. Insider threat can also be reduced through the implementation of strong controls that reduce the opportunity for theft.

Ask the Expert

Have questions about enterprise security management? Send them via email today! (All questions are anonymous.)