File this under 'gee isn't that obvious'

Apparently it really does take a study of the US military and Carnegie Mellon's CERT to understand that there is a link between disgruntled employees and IT sabotage. The story notes:

Nearly all the cases of cybercrime investigated were carried out by people who were "disgruntled, paranoid, generally show up late, argue with colleagues, and generally perform poorly."

They produced a study and model of which employees were most likely to commit sabotage. Security management vendor's claimed the solution is password management, which I wouldn't deny is part of the solution, but is it really that hard to spot a disgruntled employee? What if they put in a backdoor that you don't even know about? That password isn't going to do much good. And if any of my colleagues disagree with my viewpoint, perhaps they should be examined more closely for insidious intent as the vendor also noted:

I'd suggest that you start from the basis that your IT staff are the biggest risk to your organization's security, and if anyone of them disputes this, remember that arguing with colleagues was one of the clear signs of an impending attack.

Categories: