He particularly emphasized that, according to the Cost of Data Breach Report, under the influence of the self-isolation regime, the number of leaks has increased fivefold!
Alexey Filatov, referring to the research of Owner Consulting, noted that 10% of people never steal, 10% of people always steal, and 80% of people will steal under favorable conditions. In this case, the motives of the insider can be divided into five large groups: negligence, revenge or resentment, benefit, fraud, ideological considerations.
There are studies that claim that up to 40% of insiders and employees who commit serious violations of information security rules do not show themselves in any way before an incident in the network environment. At the same time, more than 80% of insiders have significant personal and behavioral characteristics, the identification and assessment of which makes it possible to calculate the risk of violation of information security rules by a specific employee. However, as Alexey Filatov notes, it is almost impossible to identify personality traits that are important for security professionals using tests and questionnaires, since employees give predominantly socially desirable answers when filling out these questionnaires.
In general, the portrait of an insider is as follows: this is a person with a pronounced individualism as opposed to team spirit. In addition, this person has a high motive for money and material values. And also a high motive for power in communication. You can also add high impulsiveness and emotionality, mood swings, gambling. And also: high egoism; conflict and aggressiveness; sabotage and unreliability in the performance of professional duties; high unrealized ambitions; low loyalty to the previous employer; desire for personal privileges; average or low professional productivity according to KPI.
the digital behavior of an insider is difficult to pattern. At the same time, an insider is characterized by:
desire not to use the corporate computer for personal purposes;
a small amount of entertainment traffic;
complete absence or minimal amount of positive jamaica mobile database in correspondence;
a small number of open connections and contacts;
interest in politics and weapons;
episodic rather than continuous network activity.
However, as Alexey Filatov notes, there is a set of tools that allow, based on the analysis of an employee's digital footprint, to create a psychological portrait of the employee to calculate risks in the field of information security, as well as to identify, delimit and reduce potential risk groups without any leads or operational information. In this case, the employee's activity is assessed exclusively on the corporate computer, without violating any legal norms.
“Detailed knowledge and understanding of their personnel allows companies not only to act proactively in preventing information leaks, but also to increase the efficiency of management and the work of the entire team,” says Alexey Filatov.
SealPrint without imagesSend to Telegram
Alexey Filatov points out that
-
rakhirhif8963
- Posts: 535
- Joined: Mon Dec 23, 2024 3:13 am