The Case of JPMorgan Chase

A recent article from Bloomberg revealed that JPMorgan Chase & Co. is among the first financial companies to use a program that evaluates insider threat -- that is, the possibility that a rogue employee will attack or damage their employer's information system or security.

This program pieces together dozens of variables to construct a digital mugshot of each employee. These variables range from whether employees skip compliance classes to whether they have breached or overridden company-placed limits.

It is no secret that Wall Street has faced incriminatory charges in the past. The industry has faced billions of dollars in fines for employees who rigged markets, cheated clients and other corporations, and assisted criminals both within and beyond our borders. In response, JPMorgan is electronically analyzing textual information ranging from e-mails and chats to telephone transcripts with the intention of uncovering concealment or deception.

"We're taking technology that was built for counter-terrorism and using it against human language, because that's where intentions are shown." -- Tim Estes, CEO of Digital Reasoning Systems, Inc. [Quote from Son, 2015]

Recent Work in Deception Detection

This area of work is becoming increasingly prevalent in psychological and computer science research. At the Annual Convention of the Association of Psychological Science a few weeks ago, Paul Taylor (Lancaster University) presented his ongoing work in deception detection. His presentation, "Detecting Insider Threats through Language Indicators," used tools available through to assess a series of text-based indicators in e-mail conversations between participants, who were told to act as employees. Taylor identified these indicators from research in information systems and computer science related to the detection of Insider Threat. They include:

  • distance from coworkers;
  • work disinterest;
  • disgruntlement;
  • cognitive load of managing attack (i.e., concealing rogue intentions from coworkers);
  • tentative words, discrepancies; and
  • increase in first-person pronoun use, rather than plural pronouns (even when working closely with coworkers as a team).

Many of these indicators -- such as evidence of cognitive load, use of negative or tentative words, and changes in pronoun use -- were quantified through the text analysis software program LIWC (Linguistic Inquiry & Word Count; Pennebaker, 2007).
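To make the pronoun and tentative-word indicators concrete, here is an added example (not Taylor's method or LIWC's code) that measures how a sender's category rates shift between a baseline period and recent messages. The word lists are small constructed stand-ins for LIWC categories, and the sample messages and the 5-point threshold are assumptions chosen for illustration.

```python
import re
from collections import Counter

# Constructed mini word lists standing in for LIWC categories (NOT the LIWC dictionary).
CATEGORIES = {
    "i": {"i", "me", "my", "mine", "myself"},
    "we": {"we", "us", "our", "ours", "ourselves"},
    "tentative": {"maybe", "perhaps", "possibly", "guess", "might", "probably"},
}

def category_rates(text):
    """Return each category's share of all words, as a LIWC-style percentage (0-100)."""
    words = re.findall(r"[a-z]+", text.lower())
    counts = Counter()
    for word in words:
        for name, vocab in CATEGORIES.items():
            if word in vocab:
                counts[name] += 1
    total = len(words) or 1  # avoid dividing by zero on empty input
    return {name: 100.0 * counts[name] / total for name in CATEGORIES}

def indicator_shift(baseline_msgs, recent_msgs):
    """Percentage-point change per category between a sender's baseline and recent mail."""
    base = category_rates(" ".join(baseline_msgs))
    recent = category_rates(" ".join(recent_msgs))
    return {name: round(recent[name] - base[name], 2) for name in CATEGORIES}

def needs_review(shift, threshold=5.0):
    """Queue for analyst review when 'I' words rise, 'we' words fall and tentative words rise.
    The threshold is a hypothetical value, not one taken from the research."""
    return shift["i"] >= threshold and shift["we"] <= -threshold and shift["tentative"] > 0

# Constructed sample messages from one sender.
BASELINE = ["We finished the report and our team will send it today.",
            "Can you share the figures with us so we can review them?"]
RECENT = ["I guess I might finish my part later.",
          "Maybe I will send my notes, I am not sure."]

if __name__ == "__main__":
    shift = indicator_shift(BASELINE, RECENT)
    print(shift, "review" if needs_review(shift) else "no change")
```

Comparing each sender against their own baseline, rather than against a fixed cutoff, matches the indicator as listed: an increase in first-person pronoun use.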

Taylor randomly assigned participants to be rogue employees, but -- if given this assignment -- to keep this role private. He then compared his predicted language indicators between rogue and control participants, who were asked to work together through e-mail as though working for the same organization.

Across these indicators, Taylor was able to identify 83.3-92.7% of "rogue" participants accurately.

"Like the Back of Your Hand"

The significance of such a finding -- in which simple language indicators may jointly identify and prevent an Insider Threat risk -- cannot be overstated. To be sure, Taylor's work faces a considerable limitation in that rogue employees are not randomly assigned: Individual differences predicting one's likelihood of engaging in such harmful or illegal actions remain to be reliably identified. But even so, the progress made by JPMorgan Chase and researchers such as Paul Taylor could be monumental in the fight against Insider Threat. Unlike external hackers, who are often discussed as the true villains of hacking and security breaches, rogue employees are a different and equally -- if not more -- dangerous beast. They aren't scaling a wall they've never crossed; they may know their company's system like the back of their hand -- its twists, its caveats, its weaknesses -- and if given a need for revenge, they also have a motive that extends far beyond financial gains.

Interested? Give These a Read:

  • Greitzer, F. L., Moore, A. P., Cappelli, D. M., Andrews, D. H., Carroll, L. A., & Hull, T. D. (2008). Combating the insider cyber threat. IEEE Computer Society, pp. 61-64.
  • Puleo, A. J. (2004). Mitigating insider threat using human behavioral influence models [Dissertation]. Department of the Air Force, Air Force Institute of Technology. Wright-Patterson Air Force Base, OH.
  • Randazzo, M. R., Keeney, M., & Kowalski, E. (2005). Insider threat study: Illicit cyber activity in the banking and finance sector [White paper]. Produced by the National Threat Assessment Center, United States Secret Service, Carnegie Mellon Software Engineering Institute.