The recent arrest of a Mossack Fonseca employee in Geneva has called into question the motivations behind insider threats. Over the past four months, MF, a Panama-based law firm, has experienced two major breaches in data security.
The first of these, dubbed the “Panama Papers scandal,” has broken records as the largest leak in history. In April of this year, 2.6 terabytes of private data were leaked under the uninspired pseudonym “John Doe.” To put the size of the leak into context, 2.6 terabytes would take just over 16 months to download on a typical home broadband connection.
The data breach amounted to around 11.5 million documents, detailing the financially dubious activities of politicians, bankers and businesspeople. The reputational fallout from the leaks has been pervasive for those named in the documents. Geopolitical leaders have been pressured or forced to resign: Iceland’s Prime Minister resigned after political protests and oppositional pressure, while David Cameron was forced to defend his inheritance in Parliament after his father was named in the papers.
MF vehemently ruled out the notion that an insider leaked the documents. Ramon Fonseca, one of the law firm’s founders, stated that it was a hack from an external source. According to the firm, none of its employees could possibly be behind such a scandal.
Fast-forward to June 15th. A mere two months after the Panama Papers scandal was publicised, MF experienced a second data breach. An IT worker at MF’s Geneva office was arrested on suspicion of data theft, unauthorised access, and breach of trust.
The big question surrounding the arrest still remains: Did the same person commit these breaches? Was the Panama Papers scandal an insider attack committed by one of MF’s IT workers?
Perhaps the answer is not important. If “John Doe” was an external hacker, it is unlikely he would have had such a level of access without the help of an MF employee. If “John Doe” is the IT worker, then the man behind the world’s biggest data breach acted with the intention to sabotage the organization he worked for.
Whatever the case, the take-home message for MF stays the same: As an organization, MF is fostering an environment that is increasing its vulnerability to an insider attack.
Most insider threats are made, not born. Employees do not often join the world of work with overt intentions to steal from, damage or sabotage their organization. Instead, they are jaded after a sequence of disenchanting events, leaving them cynical, angry, and driven to balance the scales.
Disenchantment does not occur in isolation; it clusters around ineffective and damaging management practice. Managers account for nearly 70 percent of the reasons an employee is disenchanted. Organizations are often unaware of how their culture increases their vulnerability to the insider threat.
Ramon Fonseca was adamant that the Panama Papers scandal was not instigated by one of MF’s employees. But what was the foundation of his certainty? Organizations often experience comparative optimism when it comes to insider threat: “This type of thing only happens to other companies, not to ours.”
It is unlikely this is the only instance of MF employees intentionally harming their organization; it is merely the biggest and most public. Employee deviance is not limited to the large-scale events that captivate our newspaper headlines. It ranges from small acts of deviance (arriving to work late, leaving early, and intentionally doing work wrong) to more costly endeavours (fraud, theft, and sabotage). Disenchantment eats away at organizations’ productivity, efficiency and profitability.
Identifying where insider threat might emerge is not a witch hunt. It is not about scouring staff to root out malevolent individuals. It should be an inquisitive self-reflection into how a business’s organizational culture and management practices may be causing resentment and disenchantment among its workforce. Only by identifying and rectifying the source of disaffection can an organization remedy its internal vulnerability and bolster its personal security.
Luke Treglown is an analyst and marketing executive with JTiP. His background is in psychology, with a specialization in applying scientific enquiry to understanding human risk, capability and threat in an organizational and intelligence setting. With JTiP, Treglown offers insight into how organizations can reduce disenchantment and the insider threat within their workforce.