Blog - article

Sorry, this blog post has not been posted yet. Come back and check again later!

Malicious Insider Psychology – when pressure builds up in the Fraud Triangle

By:
Oliver Brdiczka, Principal Data Scientist, Vectra Networks
December 13, 2014

In previous posts, we have discussed various types of insider threats that affect US government, companies and organizations in charge of critical infrastructure. We have discussed various insider attack patterns, but what are the motivations and constraints that make an insider turn against his employer?

We have seen that so called ‘whistle blowers’ may act upon their own convictions and turn against their employer, but their numbers are very limited.As the majority of cases involves the theft of information and assets in an organization for own personal gain, what are the motivations and constraints in this case?

A good place to start is theFraud Triangle, one of the most famous fraud-specific models, developed by the criminologistDonald Cressey. It explains the factors behind fraud, for example in cases such asBernard Madoff. However, it is also directly applicable to the insider threat problem.

Cressey interviewed imprisoned bank embezzlers in the early 1950s and concluded that many of them who were trusted law-abiding citizens before they had a “non-sharable financial problem.” The Fraud Triangle model is directly derived from this and consists of three elements: pressure, opportunity, and rationalization (see figure below).

“Pressure” to make a person commit fraud or an insider turn against his own company is the aspect of the fraud triangle that motivates the crime in the first place. In many cases, it is a financial problem of a personal or professional nature or just greed that underlies the pressure. The person often feels unable to share the underlying problem, such as an addiction or severe illness, with others as this might impact his social status. The individual is further unable to resolve the problem using ‘conventional’ means, so he begins to consider stepping over the line of legality and trust.

To step over the line, an “opportunity” needs to be present. The individual needs to have access to information or other resources of value, and perceive that, if illegally exploited, there is little risk of being caught.

The fear and perception of risk is further lowered by the fact that the root cause of the pressure is non-sharable – risking his social status may be as big of a risk as the crime itself. So stealing confidential company information might be perceived as being as "bad" as a drug problem, and if the latter cannot be resolved and concealed any more, why not commit the crime?

Rationalization is the last leg of the Fraud Triangle. Most insiders that turn against their organization are first time offenders without any criminal record, and they do not perceive themselves as criminals. Rather, they see themselves caught in bad circumstances that they are trying to resolve.

Therefore, the insider needs to explain the act to himself in a way that makes it acceptable or even justified. Common explanations are “I just borrowed the money,” “my family needs the money,” or “my employer is dishonest and deserves to be cheated.” As a result, the actual crime becomes a legitimate act of self-defense or self-preservation and not a crime.

The factors of the Fraud Triangle prepare the ground for an insider to act maliciously on his own account. The pressure is the reason for the act, the opportunity provides a possible solution and the rationalization justifies the act.

While these are the foundation mechanisms for the malicious act to happen, there are various other psychological and personality factors at play when the insider prepares and executes actions against his own employer, including sensitization, the “morning after” stage and stress spirals. In the next couple of posts, we will do a deep dive into the dark sides of the insider’s mind and look at how it evolves during and after an attack.

To learn more about how Vectra detects insider threats, register to download this white paper.

{{cta('7557d7eb-5c36-4452-9b2d-e3e379554cee','justifycenter')}}

This article was originally published as part of the IDG Contributor Network.

About the author

Oliver Brdiczka

Oliver Brdiczka is an AI Architect at Adobe. He has led R&D teams and designed/build AI systems that understand and respond to human behavior, relying on data from various sensors and deployments. Before joining Adobe, he was an advisor at Quantiply Corporation and Yobs. Previously he was a co-founder and VP of AI research at Stella.ai and principal data scientist at Vectra. He received a masters in computer vision, robotics, and imagery and a PhD in computer science and artificial intelligence from Institut polytechnique de Grenoble.

Author profile and blog posts

Most recent blog posts from the same author

Cybersecurity

Insiders – Threat or Blessing?

November 12, 2014
Read blog post
Breach

Is your thermostat spying? Cyberthreats and the Internet of Things

July 13, 2015
Read blog post
Artificial intelligence

Do you know how to protect your key assets?

March 27, 2015
Read blog post