September is #InsiderThreatAwarenessMonth. And while the risk category of insider threat encompasses a wide range of actors, motivations, and actions, I want to focus our attention this month on the high-tech insider.
Individuals with authorized access to your most sensitive corporate data and who are intent on causing your company harm or seeking personal gain pose a real and present danger. But if you train your workforce to understand the psychology of the dangerous, malicious insider, and deploy an anonymous, crowdsourced reporting system, you can effectively detect and prevent insider threats.
Written by guest writer Dan Verton, risk intelligence expert and award-winning journalist (The Insider), this article explores the history of high-tech insider crimes until that time. Many of the more recent cases are based on exclusive access to anonymized, real-world data loss threat assessments at major Fortune 1,000 companies. But in the 10 years that followed research for that book, Dan went on to cover the intelligence community as a journalist and editor through many of the major cyber incidents targeting U.S. government data, including China’s hack of the Office of Personnel Management and, most notably, Edward Snowden’s insider attack against the National Security Agency.
What follows is what Dan learned about the psychology of the malicious, high-tech insider and how organizations can leverage the eyes and ears of their loyal employees to detect and prevent the theft of intellectual property.
The motivations of malicious insiders are as varied as the techniques used to commit sabotage, espionage, theft or extortion. However, the most well-known studies of the psychological profiles of malicious insiders have revealed several common characteristics that make information technology professionals (particularly system administrators) an “at risk” population for malicious insider activity. In addition, these common traits make this group more vulnerable to outside manipulation by other criminals or international espionage efforts.
The most notable study was “Inside the Mind of the Insider,” conducted by Eric Shaw, a former CIA psychological profiler, and Jerrold Post, a former CIA psychologist and a noted expert on the psychology of terrorism and political violence. Post, who developed the Camp David Profiles for former President Jimmy Carter, characterizes internal cyber crime as a subset of workplace violence.
“In almost every case, the act which occurs in the information system era is the reflection of unmet personal needs that are channeled into the area of expertise,” Post said in an interview I conducted with him in July 2001.
“Almost all of these people are loyal at the time of hiring. So, this isn’t a matter of screening them out.”
Former CIA Psychological Profiler Jerrold Post.
According to Post, while the majority of hackers are little more than garden-variety criminals, the world of cyber-crime does have its share of Lee Harvey Oswalds. One example is Abraham Abdallah, a 32-year-old Brooklyn busboy who in March 2001 managed to pull off the biggest Internet identity heist in history, stealing the online identities of 200 of the richest people in America. There is little difference in motivation between criminals like Abdallah and Oswald, Post said during our interview in 2001.
“To steal somebody’s identity is to escape from one’s place of insignificance. It’s a special species of assassination,” he says.
Increasingly, however, identity theft is simply a means to a criminal end, usually illicit financial gain. And again, those we should be most concerned about are the very individuals we entrust with managing critical data and systems. “Almost all of these people are loyal at the time of hiring,” Post said, “so this isn’t a matter of screening them out.”
It is, however, a matter of knowing who is at risk of malicious insider activity, how to recognize the warning signs, and how to manage and relieve workplace stressors that may push an employee over the edge.
Studies dating back to the early 1990s show that malicious insiders have often suffered long periods of personal and professional failures and have demonstrated little in the way of moral inhibitions when it comes to hacking, cracking, or espionage for retribution or personal gain. Even some of the more recent cases in U.S. history point to the same stressors and psychological weak points in dangerous insiders.
In 2014, Dan interviewed Dr. Harley Stock, a clinical forensic psychologist who’s taught at the FBI Academy in Quantico, Va., and asked him about his assessment of Edward Snowden, the former National Security Agency system administrator responsible for the 2013 theft and release of highly classified NSA surveillance program information. According to Stock, although many view Snowden as a whistleblower, his personal history tells a far different story.
“He’s very rare as an insider,” said Stock, pointing out most insider espionage cases have involved a desire for financial gain. “But when we look at Snowden, he has a very high need for attention and affection. This has shaped his life.”
For example, Snowden was ill as a teenager and failed to graduate high school. His early college studies then failed to produce a degree, and an attempt to join the U.S. Army Special Forces ended in injury.
Transcripts of many of Snowden’s chat sessions, published by Ars Technica, show signs of somebody struggling to overcome a long string of personal and professional failures, and reveal a highly moralistic personality.
“Great minds do not need a university to make them any more credible: they get what they need and quietly blaze their trails into history,” he wrote.
Snowden brags in the anonymous online forum about his hacking skills and his ability to land sensitive government work without a formal education. He joined NSA in 2009, at which time he reappears on the chat boards of Ars Technica, complaining about leaks of classified information and criticizing The New York Times for printing it. “Those people should be shot,” he wrote.
Jim Van Allen is a Risk Assessment Consultant for Investigative Solutions Network Inc. and a former manager of the Criminal Profiling Unit of the Ontario Provincial Police who’s undergone behavioral sciences training at the FBI Academy. According to Van Allen, Snowden’s media interviews at the time reveal valuable information about his state of mind.
From a psychological point of view, Snowden seems to be moralistic and grandiose.
“When you look through Snowden’s interview with the Guardian, there was some very emotional, concrete and absolute language used,” Van Allen said during an interview I conducted with him in 2014. “Things were black or white, right or wrong. There’s very few areas of gray.”
Snowden also reveals paranoid thinking, according to Van Allen.
“His underlying thesis that the government could frame an innocent person by intercepting their communications and weaving it into a fraudulent storyline, that’s right out of ‘The Pelican Brief,’” said Van Allen, referring to the 1993 legal thriller by John Grisham. “Whether or not you want to call Snowden a whistleblower, when you get that type of personality coming into an organization, you are more at risk than if he wasn’t there.”
Studies of insider threats have shown that most individuals responsible for insider crimes were known to have committed some form of concerning or problematic behavior before acting directly against their organization. These actions included violations of policy and standard procedure, professional conduct, rules, regulations, or law through actions that had been observed by managers, supervisors and coworkers.
Although the national security community has moved to an approach called continuous evaluation, such data-intensive monitoring isn’t always the most effective way to detect a person who is heading down the path of criminal conduct. An engaged workforce, on the other hand, can observe, assess and report concerning behaviors that could prevent an insider from doing significant damage to an enterprise’s intellectual property, reputation and market competitiveness.
High Risk Behaviors That Your Employees Can Observe and Report:
However, an effective insider threat program doesn’t stop there. You need to make sure you have clear reporting guidelines that match your insider threat policy, and have a way for employees to report anonymously.
At LiveSafe, we know from studying years of risk data that phone, email and website hotlines are not as effective as mobile-app based anonymous reporting platforms. In addition, anonymous reporting platforms must have the ability to dynamically route information to key officials and decision makers, including HR, legal and other supervisors.
But above all else, training and educating your workforce to understand the baseline norms for your environment is critical. Your workforce is best positioned to know what doesn’t look right. At the end of the day, the best insider threat programs function in a culture where all employees understand the threat and have a way to engage with security officials.