In today’s digitally intertwined world, we face unprecedented risks that stretch beyond traditional cyber threats like malware or phishing. As outlined in the recent study by the Defense Personnel and Security Research Center (PERSEREC)​, one of the most concerning dangers is the rise of insider threats. This research highlights that individual predispositions—such as personality traits, dark triad traits, emotional issues, and mental health—can significantly increase the risk of insider attacks. But how does this relate to cyber-psychology, and more importantly, what can we do about it?
At MindShield, we see these findings as part of a larger conversation about how technology is impacting human well-being and the future of our digital interactions. Cyber-psychology, the intersection of technology and human behavior, is vital in understanding and combating threats that arise from both internal and external influences. It’s not just about securing systems; it’s about protecting minds from manipulation, misinformation, and cognitive vulnerabilities.
Insider threats often develop over time, and are driven not just by external opportunities but by internal psychological struggles that can go unnoticed. The emphasis is on identifying and addressing these risk factors early on to prevent potential harm.
The PERSEREC Study on Insider Threats
The PERSEREC study (click here for the full study) focused on the psychological and behavioral traits that contribute to insider threats—individuals within an organization who pose security risks by misusing their access to sensitive information. It underlines the importance of psychological screening as a preventive measure to insider threats​. In essence, it shows that human vulnerabilities, whether emotional, social, or psychological, can be exploited to cause significant harm.
Summary: Shaw and Sellers’ (2015) Critical Pathway Model (CPM) has emerged as a leading framework to conceptualize the transformation of a trusted insider into a malicious attacker. CPM, however, is a descriptive framework rather than a predictive model, which limits its utility for policymakers. This report assesses the empirical evidence that underlies one portion of the CPM—individual predispositions—to determine whether or not DoD should expand its psychological screening program to include more, if not all, applicants as one way to fairly, efficiently, and effectively mitigate the risk of future insider attacks.
This research reveals a complex web of psychological factors and personal predispositions that can increase the likelihood of an individual becoming a security threat.
Some of the key findings include:
Psychological Predispositions Matter: The study confirms that individual psychological traits—like narcissism, psychopathy, and Machiavellianism (often called the "Dark Triad")—are significantly correlated with insider threat behavior. While these traits alone do not predict an attack, they form part of a broader set of risk factors.
Personality and Behavioral Screening Can Reduce Risk: Organizations that use psychological assessments can detect early signs of behavior that might lead to insider attacks. While such assessments are not foolproof, tools like the Minnesota Multiphasic Personality Inventory (MMPI) and the Personality Assessment Inventory (PAI)are useful for identifying high-risk individuals, especially when combined with ongoing evaluations throughout an employee’s career.
Cost and Feasibility: Implementing large-scale psychological screening across all employees would be expensive and logistically challenging. The report suggests that screening efforts should focus on individuals with higher levels of access to sensitive information and that regular reassessments are needed to address changing risk factors over time.
Ethical Concerns: There is also the potential for misuse of psychological screening. Over-reliance on screening could stigmatize certain employees, discourage them from seeking mental health support, or create false positives, where individuals are incorrectly flagged as threats due to certain personality traits like introversion or emotional instability.
READ THE FULL STUDY: An Evaluation Of The Utility of Expanding Psychological Screening To Prevent Insider Attacks
These findings suggest that while psychological screening is a valuable tool for preventing insider attacks, it must be implemented carefully, with ongoing research into best practices to ensure that it is both effective and fair.
SOURCE & PUBLICATION: Defense Personnel and Security Research Center, Office of People Analytics
AUTHORS:
Jessica A. Baweja (Northrop Grumman Technology Services)
Shannen M. McGrath (Northrop Grumman Technology Services)
Danielle Burchett (TechWerks)
Stephanie L. Jaros (Defense Personnel and Security Research Center, Office of People Analytics)​.
COMPETING INTERESTS: None stated or referenced.
Comentarios