Don worked in sales for a mid-sized technology company that was acquired by a larger competitor. He had been a consistent performer, but over time, frustration with the changes to the way the (new) organization operated convinced him it was time to find another role.
Because he had worked a territory for an extended period of time, he had built strong relationships with a good number of clients. He did not want to move on without the data he had on these clients, as he knew he could use it in his next role.
So, prior to resigning, he painstakingly went through the CRM system and took screenshots of the customer records he wanted to take with him. He ended up with hundreds of pages of information, which he printed and carried out with him the day before he gave notice.
How can you tell if someone going through a personal crisis poses a threat to your company? Is a disgruntled employee about to steal sensitive data or sabotage one of your key systems?
Unhappy employees rarely talk about what’s happening in their personal lives. If they do, chances are they don’t confide in their boss. Their bosses are often the source of their disgruntlement. They’d be even less likely to let on to anyone if they were planning some kind of illicit activity.
So, how do you get an idea of what’s going on inside the minds of employees? How do you proactively identify areas where your risk of an insider attack may be elevated?
There is a way to detect risk conditions—even anticipate suspicious activity—without violating an individual’s privacy and without constantly inspecting user activity. It’s a passive security system that includes psycholinguistic indicators—or, how an employee’s use of language is a key to what’s inside his head.
As user and entity behavior analytics have emerged to help organizations combat internal threats, psycholinguistics are getting a fresh look as a source of information that can help head off potential attacks from within the firewall.
People have studied psycholinguistics for at least 80 years, though most researchers have focused on different aspects of psychology, neuroscience, linguistics, anthropology, and, most recently, computer science. According to ScienceDaily.com, “psycholinguistics is the study of the psychological and neurobiological factors that enable humans to acquire, use and understand language.” It also seeks to determine how people process and comprehend language and how they produce it. Psycholinguistics includes indicators such as phonetics, morphology, syntax, semantics, and pragmatics. Here’s a quick primer of those terms:
? Phonetics deals with the sounds of speech, and how the brain interprets these sounds
? Morphology is how you structure your words together and the relationship between words such as “cat” and “cats”
? Syntax describes how you arrange your words to form sentences such as: “the cat was gray in color” instead of “the gray cat”
? Semantics is about the meaning of sentences or what you are trying to say
? Pragmatics is what you understand a word, or sentence, to actually mean
What can psycholinguistic indicators tell you about the state of mind of those who work for you? A security system that collects and analyzes employee e-mails, chats, messages, and other forms of communication can set a behavioral baseline for most or all of these indicators, establishing linguistic patterns within a range—or a baseline of normal activity.
Let’s go back to our disgruntled employee. Analyzing the tone and intensity of Don’s communications over time would likely have shown a negative shift in his overall sentiment. This shift can be an indication of disgruntlement. If a negative shift in sentiment were detected, followed by an increase in printing activity (which user behavior analytics can also baseline), you would be seeing evidence of a potentially unhappy employee beginning to take corporate data.
When these user linguistic patterns change, they may suggest a change in an employee’s state of mind or intentions. That can sometimes indicate trouble and in some cases, that ought to trigger an investigation.
When psycholinguistic indicators are combined with technical indicators (for example, changes in a user’s behavior related to information access, or movement of data to the cloud or portable storage), they can be a powerful help in prioritizing investigative efforts.
Ideally, the actual user activity data is logged for review, so investigators can zero in on activities occurring before, during, and after the time of the alert and quickly ascertain if there is a problem that requires a response.
Security systems that call on psycholinguistic indicators and powerful investigation tools are indispensible for a growing number of companies concerned about threats from within. But even the best technology can’t root out every potential problem.
Used in tandem with a little common sense, you stand a better chance of getting inside an employee’s head and anticipating harmful behavior. Someone under obvious stress at work (example: a recent poor performance review) or at home (a known family problem) bears watching. So do employees who’ve given notice, or suspect their job is at risk, that may decide to walk out with some of your assets.
When it comes to dealing with insider threat, there are no silver bullets. A combination of people, process, and technology is required. Having a solution in place that is designed to look at user behavior - one that incorporates psycholinguistics to provide earlier warnings that might otherwise be possible - can be a key part of the technology needed.