The notion that employees suddenly “snap” and become a threat is wrong. The conditions that lead a person to become an insider threat have been heavily researched and are well known. The “Fraud Triangle”, coined by noted American criminologist Donald Cressey in 1973, illustrates the three prerequisite factors to committing occupational fraud:
- Real or perceived pressure
Pressure, which can be financial, personal, or legal is the first indicator of changes in a risk profile. Real-time risk alerts notify organizations the instant pressures or stressors pose a risk to their business. This allows organizations to rapidly intervene with assistance, access changes, or security monitoring BEFORE damage occurs.
This consistent human behavior pattern observed by Cressey, supports Gartner’s research that 80% of insider threats can be stopped by using external monitoring.
In 2013, the Government Accounting Office conducted an in-depth analysis of all people with security clearances. It’s hard to imagine a more reputable and better vetted population of people.
The report summarizes all the reasons that security clearances had been revoked. In more than 90% of the cases, issues typically originated outside of the work environment. These require external data to identify.
Fact: no matter how well organizations vet new employees and contractors, their risk profile will change over time. Events and pressures outside of the organization will steer some off course and issues will seep into the work environment. Real-time alerts allow organizations to identify the early warning signs and intervene before issues escalate.
With real-time risk alerts, security professionals turn reactive, labor-intensive investigations into proactive, real-time evaluations. Endera delivers the data connections, automation, and workflows to evaluate thousands of identities across tens of thousands of external data sources simultaneously. The Endera platform streamlines the process of validating the accuracy of alerts, managing alerts through internal adjudication processes, and measuring and analyzing risk enterprise-wide.