IT Relationships and the Malicious Insider

Abstract

A manager at Systematix Technologies has come forward with some troubling information. His departmental director may be leaking confidential contract information. When I was given the assignment, my manager was very specific that I report all my findings to her before anyone else. As I started the investigation I found a few things that are quite interesting: 1) the manager has zero concrete evidence for this accusation; 2) the network security officer isn’t concerned by the lack of concrete evidence, and wants to start monitoring Mr. Harman’s personal emails, calls, and voicemails immediately; 3) Although there is no concrete evidence for Mr. Patel’s claim, this is a serious threat and could be a case of a malicious insider, and cause to look into cybersecurity. Furthermore, the relationships here at Systmetatix are strained. There is a lack of trust between IT workers and rest, and this makes getting down to the unethical activity more difficult.

IT Relationships and the Malicious Insider

The manager in the contracts group at Systematix Technologies is suspicious his supervisor is leaking confidential contract information. This is a sensitive case because his supervisor, Mr. Harman, is the departmental director. When I was given the assignment, my manager was very specific that I report all my findings to her before anyone else. As I started the investigation I found a few things that are quite interesting: 1) the manager has zero concrete evidence for this accusation; 2) the network security officer isn’t concerned by the lack of concrete evidence, and wants to start monitoring Mr. Harman’s personal emails, calls, and voicemails immediately; 3) Although there is no concrete evidence for Mr. Patel’s claim, this is a serious threat and could be a case of a malicious insider. Furthermore, the relationships here at Systmetatix are strained. There is a lack of trust between IT workers and rest, and this makes getting down to the unethical activity more difficult.

As the Forensics Support Analyst, and two weeks fresh out of my first investigation, I feel more confident in my abilities conducting this digital forensics investigation. I am interested in whether Mr. Harman is indeed guilty of Mr. Patel claims. If so, it’s a tremendous threat to our company.

The role of the company privacy officer and network security manager

This case has the potential for whistle-blowing. Whistle-blowing is an effort made by an employee to call attention to unethical behavior that is dangerous to the company. Mr. Patel, the contracts manager, is the potential whistle-blower. I say potential because there is not enough information at this point to actually blow the whistle. That means Bart Oliver, the Company Privacy Officer, is concerned with two things: protecting the network and information systems of Systematix and the employees right to privacy. He made this clear in the interview by telling me both. Ms. Rodriguez, however, is concerned with the security of our network’s information. During a case like this, it’s her duty to take measures that secure our network. She told me in the interview she wants to start tracking Mr. Harman’s activities from email, to websites, to personal calls. I think some of this is warranted, but with the lack of evidence I have to keep Mr. Oliver’s employees right to privacy in mind.

IT workers, IT users, and employers

IT workers are fundamental to a company like Systematix. It’s also fundamental they maintain positive working relationships with the rest of the staff. During my interviews I was concerned how little trust Ms. Rodriguez has for people in the company. Although she is the security officer, we don’t want our employees being afraid of every action they take, fearing network security manager Rodgriguez will come for their heads. And if Mr. Harman is, in fact, leaking confidential contract information, then what kind of example is he setting for the IT workers in his department who have access to the same information? This is a threat that comes from the upper management, and that sort of behavior is dangerous to the company. In addition, Mr. Patel said a bulk of his information came from anonymous sources. Understandably, they are reluctant to come forward. If trust was valued more here, I wonder if they would be willing to come forward, as their information is crucial to this case.

Malicious insiders and cyber criminals

The threat of what Mr. Patel says is immense. He is proposing that Mr. Harman is a malicious insider. This is a major security concern. He could expose us to a wide range of fraud risks, and by leaking confidential information, theft of our assets. Mr. Patel tells me Mr. Harman has motives for this crime. He appears unhappy at his job, believes he can make more money with a competitor, and has special interest and personal gain from leaking the information. Even with hearsay information as the basis, I will have to exercise my full resources to find evidence as this has potential for a major security breach.

That being said, how do we know Mr. Harman isn’t the victim of a cyber criminal and is hesitant to come forward? It could explain his strange behavior. According to an article, the majority of managers are clueless when it comes to cyber security and hesitant to bring up things they don’t understand (Boehmer & Rajagopalan, 2013). This could be a stretch, but with the lack of evidence thus far, I can’t rule out any possibilities. Cyber criminals are a real threat and we’ll have to get a further opinion on this from Ms. Rodriguez.

The value of technology certifications

The value of technology certifications is always an interesting discussion. My manager asked about my plans to obtain my Encase certification during our interview. The short answer is soon, as the certification will give me more credibility in my career and future investigations. Sure, the merits of such certifications can be debated all day long, but they certainly cannot hurt. In regards to this case, all our employees could be certified to use better business practices and behavioral competencies, which could have given me a clearer picture into Mr. Harman.

Inappropriate use of computing systems

If Mr. Patel’s sources are correct, then Mr. Harman has been using our computing systems in an inappropriate manner. He should not be using the computing systems at Systematix to search online job boards. As a Forensics Support Analyst, this information shouldn’t be too difficult to find. And, even if Mr. Harman is innocent of all other accusations, this is enough to start monitoring some of his activities. As a figure of upper management and leader in the company, this cannot be the kind of behavior presented to the employees.

Reference

Boehmer, David, and Krishnan Rajagopalan. "Breaching the silence on cyber security: for all the sound and fury, many boards spend surprisingly little time on cyber security. Here are 10 questions directors should be asking management." Directors & Boards Fall 2013: 45+. Academic OneFile