In this blog, a Fivecast Tradecraft Advisor looks at the application of open-source intelligence (OSINT) to the growing challenge of insider threat detection for private organizations.
When referring to insider threats, most people think of employees selling propriety and sensitive insider information to competitors. This is certainly a significant aspect of insider threats. However, across global corporations, we have seen a notable increase in violent insider threats, with disgruntled employees “going postal”. The term “going postal” has its origins in the latter half of the 20th century when several employees of the US Postal Service were found acting out in violent ways. Today, it is this very concern that has increased the urgency and prompted companies and governments to increase their search for an application that combines best practices and innovation to get ahead of and detect insider threats before they present a major problem.
Employees from many corporate or government offices are required to complete a course on insider threat each year. Often, this is in the form of an interactive computer-based program or written exam. In fact, it is common to require completion of these courses for continued employment. Such courses inform employees on what an insider threat is and potentially what to look for in their fellow coworkers. There is heavy emphasis placed on coworkers reporting their peers for suspicious activities.
The major issue with this method of preparing for insider threat is that coworkers are not reliable whistle blowers. The warning signs often appear innocuous and are only a real indicator of threat when placed in greater context. People are not likely to report a coworker’s financial hardship for many reasons:
- they’re friends with the coworker
- it’s none of their business
- who doesn’t complain about their boss?
- they don’t want to look like they’re advancing themselves etc.
As a result, signs of potential violent behavior often go unreported, even if they’re obviously apparent to coworkers. The Molson Coors gunman was known to have confronted coworkers about personal grievances, but none were recorded. The Fort Hood shooter was known by coworkers to express Islamic Extremist views. This further solidifies the need for alternate avenues of predicting workplace violence.
Current methods of preventing such violence – hoping coworkers report threats – is woefully insufficient. Active shooters often leave considerable evidence in their wake, in both the real world lives and on social media that could have given advanced warning.
Management is often aware when certain employees are disgruntled or upset, but the scale of their anger can often be hidden in a professional environment. Social media monitoring gives organizations advanced warning of violent intentions that would otherwise be hidden. We know now, in the post-mortem, that the perpetrators of the mass shootings at Fort Hood, Pensacola Naval Air Station and the Washington Navy Yard all had indicated they were violent threats.
Publicly available data and open-source intelligence can provide key insights into potential threats including:
- negative sentiment towards employees or the business,
- direct threats against employees or the business, and
- motivating factors that could contribute to insider threats.
The private sector has traditionally performed little to no screening or vetting of employees following the initial interview and pre-employment background investigation. Although employee HR records can highlight problematic behaviors, as identified above, these actions can often go unreported. As we all know, people’s situations, opinions and attitudes can change quickly, highlighting the need for insider threat detection tools that perform continuous evaluation.
Fivecast ONYX deploys advanced data collection and AI-enabled risk analytics to rapidly identify threats hidden in masses of digital data. Fivecast ONYX’s automated, repeatable, and ongoing risk assessment framework can be customized to detect insider threats before they happen, helping corporate intelligence teams protect the workplace, employees, and the business.