In this report, the authors describe recent literature on insider threats and white-collar crime in non-government organisations and industries and identify management strategies used to counter them, both internationally and in Australia. The report's findings are intended to help government organisations create the most effective strategies for prevention, detection, assessment, investigation, monitoring and management of these behaviours.
- How are insider threats and white-collar crime defined?
- What elements of insider threats and white-collar crime need to be understood to effectively address these challenges?
- How is the insider threat and white-collar crime threat environment changing?
- What strategies and approaches hold promise?
In this report, the authors describe the recent literature on insider threats and white-collar crime in non-government organisations and industries and identify management strategies used to counter them, both internationally and in the Australian context. The objective is to provide the Australian Department of Defence and the broader research and practitioner community with (1) access to sources that will generate greater understanding of the depth and breadth of the potential risks of insider threats and white-collar crime and (2) a scholarly evidence base on which to build strategies for better detection, management and prevention.
The authors analyse and evaluate recent Australian and international sources on insider threats and white-collar crime, concentrating on articles, reports and accounts that help define these threats and provide important context for management and mitigation strategies and emerging risks.
Key findings include challenges with identifying causal mechanisms due to the paucity of publicly available data; the importance of devising management strategies that engage with human and technical dimensions; the relative efficacy of self-regulatory approaches that generate a strong security culture; and the importance of recognising ethical and privacy concerns that can arise with increased use of new technologies, such as cybervetting.
- Definitional ambiguity persists on what constitutes a white-collar crime or insider threat. As a result, data sets are sometimes incomparable, which hampers the discovery of causal mechanisms.
- Understanding indicators, motivations and characteristics for white-collar criminals and malicious insiders means understanding the threat type, the psychology of the perpetrator and changes in the threat landscape.
- Because of the sociotechnical nature of both white-collar crime and insider threats, the profile of the criminal and the offence is constantly changing.
- Rules-based management approaches are important, but self-regulatory approaches are more effective, as they foster a positive work environment.
- Positive deterrence complements the use of negative deterrence by improving employees' satisfaction, performance and commitment to the organisation.
- Emphasise reducing motivation and opportunity as much as possible when developing mitigation strategies.
- Understand points of vulnerability and susceptibility, and develop response models that foster trust and leverage the workforce as a partner.
- Recognise that individuals do not typically begin in a role with the intention of committing a crime of this nature.
- Identify positive predispositions, as they may be harnessed to inhibit counterproductive behaviours and generate proactive motivational states.
- Develop effective reporting mechanisms, and recognise that staff observations can be critical in detecting counterproductive and criminal behaviours.
- Leverage innovations in technology and data-gathering mechanisms to find opportunities for early intervention in security clearance processes, but pay commensurate attention to the ethical and privacy concerns that arise.
- Ensure that management and mitigation strategies engage with human, technical and organisational dimensions.
- Maintain awareness of international best practices, and commit to information sharing.
Table of Contents
Context and Definitions
Effective Management in the Face of Threats
Sources for Best Practice Lists