Research contradicts Brandis' focus on insider threats

Warns against creating an 'oppressive workplace'.

Insider threats represent a minimal risk to organisations and focusing on weeding out rogue employees is likely to result in an oppressive work environment, a leading researcher has warned.

The comments, made yesterday by a research scientist at Carnegie Mellon University, follow the Australian Government's introduction of new mandatory personnel security requirements for Commonwealth agencies to protect against the threat of an Edward Snowden or Bradley (Chelsea) Manning-style breach on Australian soil.

Announcing the new requirements at the Security in Government conference yesterday, Attorney-General George Brandis said a trusted insider was the most likely source of a security breach for an organisation, and government agencies therefore needed to monitor the suitability of personnel on an ongoing basis.

But at the same conference, Bill Claycomb, lead research scientist at the CERT Insider Threat Centre at Carnegie Mellon University, said the actual base rate of malicious insiders in an organisation equated to 0.02 percent of employees.

Focusing on discovering a rogue operator was likely to result in numerous false positives and the introduction of an oppressive work environment, he said.

Additionally, imposing controlling practices on employees to ensure security would not help the organisation retain top talent.

Claycomb warned that there was a fine line between making employees feel constantly watched and monitoring staff behaviour as needed to detect illegal insider activity.

Similarly, the high number of false positives reported in such a regime - due to the discovery of inadvertent or non-malicious incidents - could taint an insider threat prevention program.

Claycomb suggested that rather than constantly monitoring employees, organisations work to identify certain personality traits that are associated with a callous-manipulative interpersonal style and that fit many rogue insiders - specifically narcissism, Machiavellianism and psychopathy.

He said tools such as the Linguistic Inquiry and Word Count text analysis software program could help calculate which employees use different categories of words associated with certain personality traits.

Copyright © iTnews.com.au . All rights reserved.