The malicious Insider, Wellbeing, “Zappers and Sappers”
I recently started work for a client to look at their Human related cyber security vulnerabilities. The Human Factors Analyst’s aim, is to identify security vulnerabilities associated with the user’s deliberate malicious acts; errors introduced by a third party; or short cuts taken to save time.
There are many steps to this work undertaken over a number of stages. We use a number of HF tools and techniques including card sorts, focus groups, interviews, workshops, questionnaires.
Socio-technical vulnerabilities are linked together to form a credible attack path, culminating in a cyber affect (the consequence), and they vary in complexity. The risk of the attack path is assessed from the perspective of different “actor” capabilities that might be able to execute each attack. We then identify mitigations to each vulnerability.
One of the actors we consider, is the malicious insider. I was initially surprised to hear that one of the best indicators for a malicious insider is wellbeing. I read recently the threat from malicious insiders is increasing due to COVID 19, (see Deloitte’s article).
The more I thought about this, the less surprised I became. Employee wellbeing resonated with me having just started a new venture with Stirling and Nick. We were naturally going through Tuckman’s stages of group development and we were considering if we could bring in our first employee. I wasn’t worried about the malicious insider at User Centric Design, instead I started thinking about how employee wellbeing, during this pandemic, could affect staff turnover and team motivation. Those businesses who aren’t looking after their staff, during these challenging times, will likely see an increase in staff turnover when the pandemic comes to an end.
It got me thinking about those managers and leaders I’ve experienced during my career, that were “zappers and sappers”. The sappers, created environments of poor wellbeing which felt controlling, unsupportive, fearful of making mistakes, that bred distrust, created psychological insecurity and ultimately demotivated people. The staff turnover was high, irrespective of higher than average HF salaries.
The zappers, who were truly awe-inspiring, (there has only been two in my 20 years), created work environments that empowered, built trust in decision making, bred psychological security and energised staff. The result, was a motivated team that fostered open communication, collaboration and led to lower staff turn-over.
COVID 19 and remote working bring a number of new challenges, not only from the increased risk of the malicious insider but also to the wellbeing of staff. In my next post, I’d like to discuss the attributes of the good leadership I’ve experienced, how they lead to good team performance and wellbeing, and how we might foster a good working environment given the new remote working challenges many are facing.
In the meantime, stay away from the sappers and move towards the zappers!
If you’d like to discuss anything I’ve written about, please feel free to contact us.