According to some studies, 60% of attacks on corporate networks are done from inside the firewall. Reasons for this is inside attacks are easy to launch, they are difficult to protect against, and they are relatively low risk to the attacker.
So, in the corporate environment how do you spot a potential attacker? The ‘textbook’ inside man (sorry, that should be inside person these days), is classed as somewhat introverted, incapable of dealing with conflict or stress, frustrated with their job, might feel they lack respect of their workmates and/or bosses so have been passed over for promotion, and they suffer from office politics.
Now, there is often a moral aspect to this as well. People with high morals have a tendency to ‘suffer’ in modern corporations, and feel as if they have the morale ‘high ground’. Let’s be clear here, this is not just a case of these people then feeling ‘paranoid’, in these environments. To use the phrase ‘just because your paranoid it doesn’t mean they are not out to get you’, can be applied somewhat accurately here if you look at studies done by sociologists.
Robert Jackall, explored the ethics of modern corporate life in a book called “Moral Mazes”. In his findings he saw that it was often the case that managers had a separate morale code for dealings at work, to that of their everyday life outside the office. In effect, where they may have been seen as somewhat ‘bad’ or ‘evil’ at work, they actually had adopted an approach which he calls the “fundamental rules of corporate life”:
- You never go around your boss.
- You tell your boss what he wants to hear, even when your boss claims that he wants dissenting views.
- If your boss wants something dropped, you drop it.
- You are sensitive to your boss’s wishes so that you anticipate what he wants; you don’t force him, in other words, to act as a boss.
- Your job is not to report something that your boss does not want reported, but rather to cover it up. You do your job and you keep your mouth shut.
Robert Jackall saw case after case in which people that had violated this code, were drummed out of a business. I can’t help wondering where I would have been now if I had learnt these rules 30 years ago….. anyhow…
In Jackall’s book he illustrates one case where an accountant was dismissed after insisting that he report ‘irregular activities’ that he had found. The complaint against the accountant by the managers of his company was that “by insisting on his own moral purity … he eroded the fundamental trust and understanding that makes cooperative managerial work possible.”
Of course it’s not just the people looking for revenge or looking to ‘do the right thing’, that you have to worry about spilling your secrets.
There are still cases of spying. Competitors out there still want to gain the ‘upper hand’. They can ‘insert’ people into your company by waiting for the opening in your company, preparing someone to pass the interview, either as an employee, a contractor or just a temp.