Recent leaks from the Military, Intelligence Community and even the Supreme Court (on abortion rights) have renewed attention to the role leakers play in domestic and national security affairs. But leaks are among many forms of damaging employee activities that can undermine legal and political processes, damage organization morale, reputation and performance, destroy organizational assets and kill coworkers. This work examines two sides of acts of sabotage, espionage, intellectual property theft, leaks, workplace violence, fraud, anonymous threats and other insider acts. First the psychological processes these offenders often go through on their way to committing these acts are examined through both case studies and analysis of patterns across hundreds of cases. Second, the tools and skills a psychologist has used to detect and manage these risks over two decades of investigations are described in several detailed and vivid case studies.
The work starts with three insider cases—approached from three different investigative perspectives or roles—a therapist working with an active insider leaking proprietary information; a corporate psychological consultant dealing with an active case of hacking and violence risk; and an expert witness for the Department of Justice defending the Department of Defense in a $50 million dollar lawsuit related to the 2001 Anthrax attacks. These cases represent many dimensions of the complex contributors to insider risk and the Critical Pathway to Insider Risk (CPIR) descriptive framework. These three roles provided slightly different views of insider behavior and motivation within specific organizations. This is followed by the description of the Critical Pathway to Insider Risk, using both illustrative cases and group data. We also spend some time describing three risk factors that appear to escalate and intensify the journey of subjects down this pathway—Disgruntlement, certain personality characteristics and Problematic Organizational Responses. The next section describes several behavioral science methods used in actual cases to identify signs of insider risk from subject communications and other data, narrow a field of likely suspects, generate case management options and aid law enforcement in making arrests.
This work is designed for managers, investigators, analysts, data scientists, psychologists and other working professionals in security, counterintelligence, human resources and employment law, concerned with insider risk. My hope is that the work is also accessible, and attractive to, general readers interested in unique investigations.