Organizations are increasingly aware of the impact of insider cyber threats, but most are more prepared to respond to external cyber threats. One survey in 2015 found that on average, just 3.6% of the total IT budget for the previous year was spent on addressing internal security. Yet, Intel Security’s 2016 Report states that among companies experiencing data breaches over the past few years, insiders were responsible for 43% of data loss, half of which was intentional and malicious. Another recent survey showed that while 74% of organizations feel vulnerable to insider threats, leaders report they have a harder time detecting and preventing an insider attack versus an external cyber attack.
The detrimental impact of an internal breach can extend far beyond the significant financial costs, to damage the integrity of the company’s brand, and even affect the physical safety of employees. Yet, most organizations do not have a formal insider threat program; and those that do are typically reactive. They’re designed to gain visibility into aspects of employee behavior that have already happened, such as unauthorized downloads and server log-ins, and seek to identify insiders who are breaking rules about data access and use. Most programs do not proactively mitigate against this threat before action occurs – they just notify you when something has already gone wrong.
The key to identifying and addressing at-risk employees before a breach or incident occurs is to focus as much on understanding and anticipating human behavior as on shoring up technological defenses. The best way to do this systematically is by analyzing employees’ language continuously and in real time, in a way that still respects privacy. And, the data is readily available to do so because email, chat, and texts are now one the most common methods of communication in business.
In behavioral science research, certain negative emotions, stressors, and conflicts have long been associated with incidents of workplace aggression, employee turnover, absenteeism, accidents, fraud, sabotage, and espionage. Examining language as an indicator of behavior began decades ago and was first used extensively in the political sphere, supported by the seminal work of Margaret G. Hermann, which explained foreign policy behavior by analyzing the personal characteristics of leaders. This practice of political psychology, known as psychological content analysis or remote assessment, has its roots in psychological coding of leaders.