THE ENEMY WITHIN

For Star Trek fans out there, we take you back to season one in 1966. This 5th episode was entitled "The Enemy Within." In it, during a transporter malfunction Captain Kirk splits into two individuals - a "good" Kirk and an "evil" Kirk. The good Kirk seems to be a bit disoriented but mostly normal. Over time, however, he begins to show signs of weakness and loses his ability to give orders and make decisions. The evil Kirk, meanwhile, demands a bottle of Saurian brandy, assaults a crew member, gets a phaser gun and then goes to the bridge. Eventually the split persona causes both Kirks to become weak and Mr. Spock helps save the day and bring them back together. While not as futuristic, Symantec has done some interesting research in the area of human behavior. They say that certain "stressors", such as job or family related problems; cause some people to cross the line from possible bad behavior to actual bad behavior. The study asserts that some people have personalities with markers "that predispose them to theft" when they are confronted with a stressful life situation. Risk, technology and information security professionals, in particular, are in a constant battle to protect our networks and systems from faceless outside enemies. At times we may fail to recognize or devote resources toward "Enemies Within" that might become the "evil" twin when confronted with a debilitating life situation. Given banks have so many resources devoted to intrusion prevention, firewall, anti-virus etc., it is perhaps easy to overlook internal threats. Symantec cites a study by Doctors Eric Shaw and Harley Stock that sheds light on common elements among insider thieves. Their findings in the area of psychological profiling and employee risk management include many specific behaviors and indicators. For instance, the majority of intellectual property thieves are male employees in technical positions (engineers, programmers, scientists) that steal information they are authorized to access. Further, 67% of thieves already have new jobs and over 50% take information within 30 days of leaving a company. The study also found that personality markers that cause employees to be more inclined to take company materials are: mental health problems, being prone to impulsive acts, spending beyond means and marital conflict/separation. Since bankers trust most of their employees, it is painful and unnatural to imagine the worst. Nevertheless, the "risk avoidance" Kirk within us needs to have a voice too. Studies show that intellectual property theft costs American businesses over $250B every year and thieves are most often current or former employees. We count on our coworkers to help our organizations thrive, so it is all the more tragic when this occurs. Experts recommend four practical suggestions to mitigate intellectual theft risks: 1) pre-employment screening, 2) training and education, 3) compare company policies against a checklist of structures that should be included and 4) use a multi- disciplinary team (HR, Security, and Legal) to develop the program, drive training and monitor at-risk employees. Research shows that at least 33% of theft incidents are preceded by specific signs and indicators include: altercations with other employees and mood swings or sudden behavioral changes. All workers should be vigilant because it's usually an employee not involved in a technical role who discovers a theft has occurred. Managers and employees should be trained to recognize signs and behaviors that indicate help is needed. We need to also empower risk mitigation teams to gather relevant information and take preventative action when possible. Careful attention should also be given to employees who are leaving the company. Intellectual property is an important company asset and care must be given to the risks associated with insider incidents. So, in a world where intellectual property is stolen at an alarming rate, ensuring the "good" and "evil" Kirk's stay together requires the best efforts of "the entire crew"....Beam me up, Scotty.