Spy Tech That Reads Your Mind - Leaks, theft, and sabotage by employees have become a major cybersecurity problem
On any given morning at a big national bank or a Silicon Valley software giant or a government agency, a security official could start her day by asking a software program for a report on her organization’s staff. “Okay, as of last night, who were the people who were most disgruntled?” she could ask. “Show me the top 10.”
She would have that capability, says Eric Shaw, a psychologist and longtime consultant to the intelligence community, if she used a software tool he developed for Stroz Friedberg, a cybersecurity firm. The software combs through an organization’s emails and text messages—millions a day, the company says—looking for high usage of words and phrases that language psychologists associate with certain mental states and personality profiles. Ask for a list of staffers who score high for discontent, Shaw says, “and you could look at their names. Or you could look at the top emails themselves.”
Many companies already have the ability to run keyword searches of employees’ emails, looking for worrisome words and phrases like embezzle and I loathe this job. But the Stroz Friedberg software, called Scout, aspires to go a giant step further, detecting indirectly, through unconscious syntactic and grammatical clues, workers’ anger, financial or personal stress, and other tip-offs that an employee might be about to lose it.
To measure employees’ disgruntlement, for instance, it uses an algorithm based on linguistic tells found to connote feelings of victimization, anger, and blame. For instance, unusually frequent use of the word me—several standard deviations above the norm—is associated with feelings of victimization, Shaw says. Why me? How can you do that to me?Anger might be signaled by unusually high use of negatives like no, not, never, and n’t, or of “negative evaluators” like You’re terrible and You’re awful at that. There might be heavy use of “adverbial intensifiers” like very, so, and such a or words rendered in all caps for emphasis: He’s a ZERO.
It’s not illegal to be disgruntled. But today’s frustrated worker could engineer tomorrow’s hundred-million-dollar data breach. Scout is being marketed as a cutting-edge weapon in the growing arsenal that helps corporations combat “insider threat,” the phenomenon of employees going bad. Workers who commit fraud or embezzlement are one example, but so are “bad leavers”—employees or contractors who, when they depart, steal intellectual property or other confidential data, sabotage the information technology system, or threaten to do so unless they’re paid off. Workplace violence is a growing concern too.
Though companies have long been arming themselves against cyberattack by external hackers, often presumed to come from distant lands like Russia and China, they’re increasingly realizing that many assaults are launched from within—by, say, the quiet guy down the hall whose contract wasn’t renewed. The most spectacular examples have been governmental—the massive 2010 data dump of more than 700,000 classified files onto WikiLeaks by Chelsea Manning (then known as Pfc. Bradley Manning) and the leaks by former intelligence contractor Edward Snowden in 2013. While those events were sui generis, they opened the world’s eyes to the breathtaking scope of every organization’s vulnerability.
Read more here: fortune.com/insider-threats-email-scout/