A 2006 study from Carnegie Mellon's Computer Emergency Response Team (CERT) centre examined the psychological, technical, organisational and contextual factors that lead to insider sabotage.
CERT made six critical observations about IT staffers who attack their own organisations. So you could be in trouble if you've got:
- Problem children. Most saboteurs have personal problems (debt, alcoholism, anger and impulse control difficulties) that contribute to their malicious acts.
- Organisational disruption. In most cases, stressful events, including run-ins with the boss, reorganisations and organisational sanctions, precipitate insider IT sabotage.
- Bad attitudes. Behaviours to worry about include tardiness, argumentativeness, poor job performance and security violations. These are often observed before and during insider IT sabotage.
- Insecure systems. Before sabotage occurs, insiders often do things like create unauthorised backdoor accounts. Acts such as those should put you on alert.
- Dicey downloads. If you discover someone downloading password crackers, chances are, he's going to use them.
- Missing locks. Sabotage is facilitated by lack of controls for physical access (to rooms or buildings) and electronic access (to computing and network resources).