Study Show Link Between IT Sabotage, Work Behavior

narramissic writes "According to recent research by the U.S. military and CERT, workers who sabotage corporate systems are almost always IT workers who are disgruntled, paranoid, generally show up late, argue with colleagues, and generally perform poorly."

Access

[Prysorra]

*Cough* IT people are also likely to know *how* to properly sabotage computers for the maximum effect....

Yeah but...

[Lumpy]

The openly disgruntled will cause trouble when they leave.

the quiet meek ones will come in with automatic weapons and start "cutting expenses" when they leave.

I fear the quiet meek ones. They frighten me.

Re:Straight from the "No sh*t Sherlock" Department

[Panaflex]

Well, I think those are just symptoms of some nasty disease. If you've got people like that onboard - it's important to find out the causes and do what can be done to improve their workday.

I had a boss at (insert large corporation) who disrespected me, never allowed me to be challenged, set me up on a doomed project on my second week of work with people who didn't understand the business - and generally pissed me off. I was cussed out by the CIO and his Italian mobster friend who claimed to be a business manager.

After the second month I would have fit into most of those categories - simply because of the experience I'd had. I decided that my boss didn't deserve anything other than what was in my job description. I proceeded to immerse myself in the codebase, business, and financials. After a couple of months I was answering questions in meetings which the original developers didn't even know.

There on out, I involved myself in other projects, got involved in design and generally worked my way past my boss - though he was still my boss until he was layed off.

In the end, I was one of the architects. All the people who made my life miserable were fired, left, or otherwise shown the door. They caused millions of dollars in losses - and I made the company millions.

Moral of the story: Sometimes it's management.

Re:No way!

[ToasterMonkey]

No, it says...

The research suggests that potential troublemakers should be easy to spot. Nearly all the cases of cybercrime investigated were carried out by people who were "disgruntled, paranoid, generally show up late, argue with colleagues, and generally perform poorly."

How exactly does that make these people easy to spot? What distinguishes them from anyone else fired from an IT position?
This article stinks.

Macleod concluded: "So as far as doing the right thing, I'd suggest that you start from the basis that your IT staff are the biggest risk to your organization's security, and if anyone of them disputes this, remember that arguing with colleagues was one of the clear signs of an impending attack.

I wouldn't recommend taking that attitude with ANY branch of your organization unless you're looking for a fight. Oh no! I might be one of them!

Best to stay on top of any unrest...

[djupedal]

I believe we've all seen this recent memo from HR, to all IT department staff: 'Floggings will continue until morale improves!'

But seriously, you could swap IT for any discipline and come up with the same bullet-point: "Study Shows Link Between Grounds Keeping Sabotage, Work Behavior" - so what's the point? Just because I hold your entire work history in my shaky, sweaty hands doesn't mean I will automatically go postal and cause trouble for you and your unborn grandchildren. A cafeteria worker can spit in the soup. A parking security wanker can key your new Astro. A disgruntled department head can arbitrarily black mark a borderline performance appraisal.

Screw this generalized dust-kickup of a 'study' and go talk to anyone you think just needs someone to listen. If they tell you they "can't talk...busy...voices said time to clean my guns", then you might want to restrict their security access for a while. Otherwise, treat them like humans and stop watching for signs the sky is getting ready to fall.

Seen this happen

[Anonymous Coward]

Fired employee disabled an error reporting module for a particular billing program. Finally noticed a couple years later ... figure the total missed revenue was a little over 2 million. CIO swept it under the rug out of embarrassment.

Re:An ounce of prevention

[MillionthMonkey]

You should assume witches are the biggest risk to your organizational security.

If any of the witches in your organization denies being a witch, remember that arguing with colleagues about it is one of the clear signs of impending witchcraft.

Re:Access

[Lehk228]

the users fuck up one computer, or maybe even introduce a virus to their office, a malicious IT worker could be quietly poisoning backup tapes for months, or better yet, configure the backup and restore system to use encryption reading the key off a USB key plugged into the back of the machine, when he quits he takes the usb key, or wipes it, and all that data becomes a pile of useless bits

Re:An ounce of prevention

[maetenloch]

This is bunk. How many disgruntled Automotive Industries went on a shooting spree and NEVER gave any signs? Most. Same for the classic Postal Workers... And what about the guy in Office Space?

Actually when they've investigated, it turns almost every disgruntled shooter DID give signs beforehand. It was just that most co-workers, manager, and neighbors ignored the signs or were clueless that they were significant. People almost never just 'snap' and become violent - usually there's a predictable series of escalating steps that they go through before that point. There's an excellent book, "The Gift of Fear" by Gavin De Becker, that goes into how to predict who will become violent at work. One of his main points is that when we find someone 'creepy', it's actually an early warning system that they're likely to be a danger. However due to social conditioning, people usually ignore their gut feelings which is a mistake. He also helped develop the model that the Secret Service uses to decide whether people who have made threats are probably harmless or likely to eventually commit violence.

Perhaps for some...

[Anonymous Coward]

"IT espically, they are a dime a dozen andthere is 6 of them out there waiting to take the one job."

That's because people go into IT because "they heard it was a good field to get into".

The people who are good at IT are hard to replace and are usually rewarded that way. There's no doubt that when you break into the field it's rough. But that's when you distinguish yourself. Your hard work didn't stop the day you graduated from a university... oh wait... you didn't go to a University?

Okay, let's start at the beginning:

1) The IT field is littered with has-been's, wanna-be's and never-was-es. Don't be one of those. How?
2) Show a commitment. Get a degree from a University. Doesn't matter what it is; if you're smart, you turn that to your advantage. If you want to be involved in the business, get a degree in business with a lot of programming courses. If you want to be involved primarily in the bits and bytes, get a degree more closely related to Computer Science. Information Management can be useful too, although the too are not at all similar. I have a computer science degree, my wife has an information management degree. I'm the director of architecture at a fortune 1000, she's a program manager at a fortune 2000.
3) Where's the Sysadmin paths? Unfortunately, the days of the Unix Admin with infinite knowledge have all passed. Well, not all. There are a few old timers left. God bless them, love them to death. They're really smart, and those last few guys get paid a lot. The rest? A dead end job. It puts food on the table. It's better than working at Wal-Mart.
4) All the good jobs in IT require that you start as a programmer. No exceptions. If you're not good at programming, you don't belong in IT.
5) Set your sights on moving up. You don't want to be the 45 year old programmer. Not unless you're so good that people just leave you alone to develop. If you're not sure you're that good, then you aren't. If you are that good, you can tell because your boss never hassles you about your hours, or anything. They let you alone because you're the goose laying the golden egg. God bless you. You are the heart and soul of this industry.
6) You've got to pay your dues in IT, and you may move around some. Changing jobs every 9 months guarantees you'll be a 50 year old programmer some day who knows VB6 really well and suddenly finds themselves without work.
7) Get better all the time. Read read read. Be energetic.
8) Understand the business you're in. Unless you aspire to #5. Push for ways to improve the business. And that doesn't include suggesting changes to the SCM.
9) Develop a 6th sense about what will help your career. Usually that goes hand in hand with helping the business but not always. When the two diverge, it might be time to leave. You don't want to be the 60 year old programmer who is good at FORTRAN on VAX. If I have to explain this to you, then you shouldn't be looking for a job in IT.
10) If you don't love this field, if you don't go into work in the morning because you can't imagine not doing it, then you don't belong in this field.

It's just statistics

[msobkow]

... almost always IT workers who are disgruntled, paranoid, generally show up late, argue with colleagues, and generally perform poorly.

Here I thought that:

• Disgrunted meant you weren't happy with unstable systems that require hand-holding.
• Paranoia meant that you give a damn about system security, intrusion detection, logging to enable counter-intrusion measures, etc.
• Showing up late meant you were handling the pager calls.
• Arguing with colleagues meant you care about your job and system quality.

So most good IT people fit the profile, but maybe the last point is valid. :p