Slashdot Mirror
Study Show Link Between IT Sabotage, Work Behavior
narramissic writes "According to recent research by the U.S. military and CERT, workers who sabotage corporate systems are almost always IT workers who are disgruntled, paranoid, generally show up late, argue with colleagues, and generally perform poorly."
Interesting article. Unfortunately since most companies never wise up about security, its probably in the companies best interest to recognize the needs of IT workers instead of being even more paranoid about them. I used to work as a system administrator at a company where most of us where disgruntled due to the lack of progress of the company and poor leadership, then things got worse when the new owner of the company stopped trusting the admins for no good reason. This created a situation where long time employees started taking the attitude of "This company wouldn't survive for a month without me here". Amazingly, companies like this do survive the departure of their best employees.
workers who sabotage corporate systems are almost always IT workers who are disgruntled, paranoid, generally show up late, argue with colleagues, and generally perform poorly.
Maybe they just want their red stapler back.
The theory of relativity doesn't work right in Arkansas.
*Cough* IT people are also likely to know *how* to properly sabotage computers for the maximum effect....
Wow. That's odd. I would've figured IT workers who sabotage corporate systems would be the workers who are happy, secure, generally show up on time, work well with colleagues, and generally perform superbly. Goes to show you that logic doesn't always pay off. (I'm ready for the Troll/Flamebait mod guys :)
but I also happen to be far too lazy to do any of that shit.
If they'd turned up on time, were cordial with their colleagues and performed better, they'd never have been caught.
Disgrutled = Forced to install Notes
Paranoid = Forced to sit next to Notes Server all day waiting for the memory leak to take over
Late = Due to sleep deprevation from having to go in at 2am to reboot the Notes Server
Argumentative = Caught whispering "Exchange, bitches." under his breath
Poor Performer = Changed Cert ID password to "Fuck Notes"
Whats not to understand?
Well, I think those are just symptoms of some nasty disease. If you've got people like that onboard - it's important to find out the causes and do what can be done to improve their workday.
I had a boss at (insert large corporation) who disrespected me, never allowed me to be challenged, set me up on a doomed project on my second week of work with people who didn't understand the business - and generally pissed me off. I was cussed out by the CIO and his Italian mobster friend who claimed to be a business manager.
After the second month I would have fit into most of those categories - simply because of the experience I'd had. I decided that my boss didn't deserve anything other than what was in my job description. I proceeded to immerse myself in the codebase, business, and financials. After a couple of months I was answering questions in meetings which the original developers didn't even know.
There on out, I involved myself in other projects, got involved in design and generally worked my way past my boss - though he was still my boss until he was layed off.
In the end, I was one of the architects. All the people who made my life miserable were fired, left, or otherwise shown the door. They caused millions of dollars in losses - and I made the company millions.
Moral of the story: Sometimes it's management.
I said no... but I missed and it came out yes.
If you ever worked with Notes, you would thank Microsoft everyday for Exchange.
The last few paragraphs of the article are more-or-less unedited PR hype from a vendor:
"According to security management vendor Calum Macleod of Cyber-Ark..Macleod's solution is password management....'If privileged password management is not on your shopping list in 2007 it may already be too late.'"
This is preceded with a 'people who say you shouldn't buy my product may already be criminals':
"'if anyone of them disputes this, remember that arguing with colleagues was one of the clear signs of an impending attack.'"
I can't believe this ran! This reporter was shockingly lazy.
I believe we've all seen this recent memo from HR, to all IT department staff: 'Floggings will continue until morale improves!'
But seriously, you could swap IT for any discipline and come up with the same bullet-point: "Study Shows Link Between Grounds Keeping Sabotage, Work Behavior" - so what's the point? Just because I hold your entire work history in my shaky, sweaty hands doesn't mean I will automatically go postal and cause trouble for you and your unborn grandchildren. A cafeteria worker can spit in the soup. A parking security wanker can key your new Astro. A disgruntled department head can arbitrarily black mark a borderline performance appraisal.
Screw this generalized dust-kickup of a 'study' and go talk to anyone you think just needs someone to listen. If they tell you they "can't talk...busy...voices said time to clean my guns", then you might want to restrict their security access for a while. Otherwise, treat them like humans and stop watching for signs the sky is getting ready to fall.
And I said, I don't care if they lay me off either, because I told, I told Bill that if they move my desk one more time, then, then I'm, I'm quitting, I'm going to quit. And, and I told Don too, because they've moved my desk four times already this year, and I used to be over by the window, and I could see the squirrels, and they were married, but then, they switched from the Swingline to the Boston stapler, but I kept my Swingline stapler because it didn't bind up as much, and I kept the staples for the Swingline stapler and it's not okay because if they take my stapler then I'll set the building on fire...
According to the research, 86 percent of those who committed cybercrimes held ...
That's nearly useless information. By analogy, nearly 100% of rapists are male, yet very few males are actually rapists.
What about workers who are routinely abused? Workers who are pushed to make themselves desperate (financially desperate, usually) to keep the job so they can be treated like slaves, and who are then forced to work long hours for no extra pay because they're salaried, constantly threatened with termination, blamed for problems but denied power to deal with them, and so on, did the study account for that? Doesn't look like the study did. Study talks about "work behavior" but not "work treatment", as if companies have no effect on whether a worker would want to sabotage something.
Ignoring signs-- signs such as a person coming in late who had always come in on time in the past-- is a sure invitation to trouble. People who feel they can't communicate one way will communicate another way. Maybe before concluding that someone who is causing "trouble" better be escorted off the premises in handcuffs before they can do real damage, management ought to try a few other things first. Like, listen in such a way that workers feel they can speak openly. And removing the temptation. If a nuclear missile could be launched with the push of one button, it probably would've happened. Good thing the missiles require several keys, codes, and such like.
This study strikes me as narrow.
Intellectual Property is a monopolistic, selfish, and defective concept. It is "tyranny over the mind of man"
Those who are capable of wrecking systems thoroughly are usually also smart enough not to show signs that they are willing to do so... The ones who grumble and complain need to be shown the door before they wreak havoc or, pacify them. It's the non-complainers you need to make sure are really happy because if they're not...you could be screwed.
I reserve the right to think for myself. Others' opinions are optional. Puppy on lap = typos...not illiteracy.
BEDEVERE:
Quiet! Quiet! Quiet! Quiet! There are ways of telling whether she is a witch.
VILLAGER #1:
Are there?
VILLAGER #2:
Ah?
VILLAGER #1:
What are they?
CROWD:
Tell us! Tell us!...
BEDEVERE:
Tell me. What do you do with witches?
VILLAGER #2:
Burn!
VILLAGER #1:
Burn!
CROWD:
Burn! Burn them up! Burn!...
BEDEVERE:
And what do you burn apart from witches?
VILLAGER #1:
More witches!
As a sysadmin/webmaster at a small company I was involved in the infrastructure and in daily stuff that made money, like doing websites for the company's customers.
At one point I was drawn into an "argument" with colleagues over two things:
1) they needed a new box to run the firewall on. Owners wanted to postpone indefinitely. Sysadmin pressed his point. CEO suspected sabotage or other agenda... in spite of having had a prior avoidable firewall failure take down the network. He decided the sysadmin was crying wolf, or worse.
2): graphic designers and marketing people had proposed, priced and designed a website concept without consulting the guy who was going to code it. There were problems in the executability of the design and an underbid situation.
A technical problem that could be solved with a technical approach, if there were trust. Once again, sysadmin/webmaster "argued" for another approach on technical grounds. Answer: defenses, emotionalism, circle the wagons.
Net result of both contentions: emotionalism, accusations; sysadmin forced to resign.
The firewall did have a hardware failure after about six months; the website proposal flopped and the company lost their major client's web work. Satisfaction for the sysadmin? H**l no. There are no winners in something like this. You need to work with people you can trust and who trust you. This untrusted crap is destroying the very idea of "a good job" and consuming businesses and relationships from within.
You have to be able to air the relative merits of various technical approaches in a respectful, professional way so that what's rational and feasible emerges.
If this is "arguing with colleagues", resulting in an immediate security red-flag and dismissal... how can you have peer review or objective discussions? Worse still, it means we've descended into a totalitarian workplace.
Let's see... the study shows that people who are fired generally are considered by their employers to have performed poorly...
... I have yet to meet a "gruntled" IT professional.
This is groundbreaking!
And while we're at it: How many employees who do NOT sabotage corporate systems "are disgruntled", "are paranoid", "generally show up late", and/or "argue with colleagues"?
Last time I looked:
- A large fraction of the best IT people often work late, for any or all of several reasons: They prefer it, they need to work when load is light to minimize impact on business processes, fixing what the users broke during the day skews the time of their peak workload to later than that of the mainstream users, etc.
They often work more than a normal workday - but they'd have to work two shifts every day and only take time out for sleep, in order to come in bright and early to impress the suits who read this "study". But any sane IT professional will take advantage of flex time and come in late instead.
Programmers and other IT professionals coming in late has been a stereotype since computers used vacuum tubes. (I know because I was there and was one of many who created it. B-) )
- "Argue with colleagues"? Maybe yes-maning works in the executive suite. But when a crew of experts is chasing down a problem there will be a slew of hypotheses tried and discarded, with different workers coming up with different hypotheses and evidence to falsify them. To an outsider this looks like an argument, when it's actually progress. Experts will also often have differing opinions and will discuss them - ditto.
(I recall one company where upper-level executives quietly added themselves to an engineering internal mailing list. There we discussed the latest problems - often heatedly - until they were solved. When one was solved the traffic on THAT problem stopped cold and another would take its place. To the suits it looked like a disaster, when in fact the project was on time, within budget, exceeding targets, and still looked like it would have been a quantum leap when delivered - if the company hadn't suddenly shut it down...)
- "disgruntled"? With the continuing budget shortfalls, IT resource expansion always lagging company growth, lusers opening virus email,
- "paranoid"? (I presume we're talking the folk etymology, not clinical paranoia.) IT, like other forms of engineering, is an exercise in staying at least one step ahead of Murphy's Law. If an IT professional isn't "paranoid" he's not doing his job.
Watch the suits who saw this start canning their best IT people - zero-notice style. (That's where the employee arrives at work to find his cardkey doesn't work his passwords are rescinded, and he is escorted to HR where he is handed two weeks pay in lieu of notice, a box containing anything from his desk that the company didn't think was theirs, and a threatening document in lawyerese, and then kicked out of the building.)
And of course the fired employees will be blamed when the network starts to go to hell when the remaining people can't apply duct tape and chewing gum fast enough or the next rash of malware gets past the firewall.
= = = =
This reminds me of the "profiles" of school-age mass-murderers: They're always described as loners and introverts who don't get along with others in their school. In other words, just like all the nerds who get pounded on by the jocks and snubbed by the cheerleaders and queen-bees and react by withdrawing from contact with the "beautiful people" cliques. And every time one of these "studies" come out the administrators (generally former "beautiful people" themselves) dump on the nerds and side with the jocks that much more...
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
"Where quality is like a dead stinking rat - you just can't miss it."
"IT espically, they are a dime a dozen andthere is 6 of them out there waiting to take the one job."
That's because people go into IT because "they heard it was a good field to get into".
The people who are good at IT are hard to replace and are usually rewarded that way. There's no doubt that when you break into the field it's rough. But that's when you distinguish yourself. Your hard work didn't stop the day you graduated from a university... oh wait... you didn't go to a University?
Okay, let's start at the beginning:
1) The IT field is littered with has-been's, wanna-be's and never-was-es. Don't be one of those. How?
2) Show a commitment. Get a degree from a University. Doesn't matter what it is; if you're smart, you turn that to your advantage. If you want to be involved in the business, get a degree in business with a lot of programming courses. If you want to be involved primarily in the bits and bytes, get a degree more closely related to Computer Science. Information Management can be useful too, although the too are not at all similar. I have a computer science degree, my wife has an information management degree. I'm the director of architecture at a fortune 1000, she's a program manager at a fortune 2000.
3) Where's the Sysadmin paths? Unfortunately, the days of the Unix Admin with infinite knowledge have all passed. Well, not all. There are a few old timers left. God bless them, love them to death. They're really smart, and those last few guys get paid a lot. The rest? A dead end job. It puts food on the table. It's better than working at Wal-Mart.
4) All the good jobs in IT require that you start as a programmer. No exceptions. If you're not good at programming, you don't belong in IT.
5) Set your sights on moving up. You don't want to be the 45 year old programmer. Not unless you're so good that people just leave you alone to develop. If you're not sure you're that good, then you aren't. If you are that good, you can tell because your boss never hassles you about your hours, or anything. They let you alone because you're the goose laying the golden egg. God bless you. You are the heart and soul of this industry.
6) You've got to pay your dues in IT, and you may move around some. Changing jobs every 9 months guarantees you'll be a 50 year old programmer some day who knows VB6 really well and suddenly finds themselves without work.
7) Get better all the time. Read read read. Be energetic.
8) Understand the business you're in. Unless you aspire to #5. Push for ways to improve the business. And that doesn't include suggesting changes to the SCM.
9) Develop a 6th sense about what will help your career. Usually that goes hand in hand with helping the business but not always. When the two diverge, it might be time to leave. You don't want to be the 60 year old programmer who is good at FORTRAN on VAX. If I have to explain this to you, then you shouldn't be looking for a job in IT.
10) If you don't love this field, if you don't go into work in the morning because you can't imagine not doing it, then you don't belong in this field.
_If_ he's a sociopath (you can't diagnose that from just one message), it just doesn't work that way. You're making the usual mistake of assuming that all humans are essentially, well, equally human and you only need appeal to someone's humanity/feelings/moral-sense/flash-of-enlightenm
Sociopathy is, simply put, completely lacking the empathy and connection to other humans. It's being the only human in a single-player world full of generic NPCs. They're not your peers, they don't matter, their feelings don't matter, they're there just to be used, abused, manipulated, lied to, whatever gets you closer to your objectives.
Think of your relationship to NPCs in a computer game. Do you really care what that generic NPC in Oblivion or GTA feels or thinks? Do you care if he/she had a bad day, or if his/her kid is sick? Would you feel any sense of accomplishment of having him/her as a friend? Would you feel bad for clicking on a complete lie dialogue choice just to finish a quest? Would you even really think of them as a "he" or a "she", or more along the lines of "it"? I mean, don't be silly, it's just a game and just a scripted NPC. Right?
Well, in a nutshell that's the kind of world that a sociopath lives in. You can't even be seen as a friend by one. You're at most a sucker to be used for a purpose, even if that purpose is a few minutes of entertainment.
So expecting that one would wake up one day and think "man, I wasted my life, I should have made friends" is naive. That's the kind of notion that doesn't even compute in their world. Or not for the same meaning of "friend" that you'd use.
A polar bear is a cartesian bear after a coordinate transform.