On fear of paranoids: where did the development of an analytics system lead us to fight industrial espionage?

One of our customers had a rather interesting request related to the work of counterintelligence in the enterprise. The goal is to ensure that more than expensive (including for the state) information is not carried out. The idea of ​​implementation is the collection of all possible open data about employees and the identification among them of “Cossacks” by behavior patterns. Actually, this was done before the security men manually, but now it was proposed to use good data mining.

And then it became scary: we realized how much we can learn about each other using only open data. From industrial espionage to personal relationships at work. It took so much that we almost had cut the publication of this post. Yes, and would cut, if the useful "civilian" applications would not have been many times more.

So imagine an enterprise. We have experimented with its security bus, but you can imagine your office (and not be mistaken).
')
Here is what we can get at the entrance from the security guards (and that will definitely be available when solving more specific tasks of the enterprise’s counterintelligence):

1. Data for each employee from the personnel department.
2. Mail server data - who, when and to whom wrote (we do not see the text of the letter and the topic).
3. Data on calls by corporate numbers (what we do not know about these calls, only the time of making, the duration and the number of the called subscriber).
4. Data of all access control systems, including RFID turnstiles, key keepers and number and face recognition systems.
5. Data on weather, office events (training) and other external events.
6. Data from project trackers (who did what and when).
7. Data that gives the robot, crawling on the corporate social network, able to parse profiles and other open data.
8. Data on vacations, business trips, etc.

Plus, we assumed how this data could be enriched with full access to the security bus of real regime objects, and we began to draw conclusions.

To begin with, it turned out that we can create a communication base in real time. Someone who wrote and called - it is simple and accessible to everyone. According to the ACS, it is still possible to very quickly find out who went to smoke together - they both go beyond the perimeter and arrive at about the same time. Analytics of changes in the time of joint “cigarettes” suggests a serious conversation in the smoking room. And enriches the graph of informal links. Then we found out another magical thing: employees in the dining room pay for corporate passes, that is, the same ACS-bus is valid. This can enrich our knowledge of the graph of informal relationships. Plus key case. Plus everything else.

What does the connection graph give us? A lot of things. First, we took the real data of “corporate spies” for training, more precisely, those people who had already gone to other companies, taking with them some valuable and not very much data. It turned out that right before the evacuation point (dismissal) such employees not only begin to massively swing (without reading) all the available documents (which is very easily fired out by security guards), but also a little earlier dramatically collapse the communication graph. That is, as soon as someone shows activity to reduce the graph - this is a sign of close care. We put a picture on a sample of employees who left at their own will - and it turned out to be quite clearly the same. Great, we learned how to predict leaving shortly before being fired.

An engineer, for example, clearly does not have to communicate with an employee of the legal department. Do you communicate? Most likely, they have some kind of informal relationship. Maybe they are just close friends, and maybe we have a case of the beginning of penetration, if the object is regime. With this hypothesis, we went to psychologists. They wickedly rubbed their hands and decided to join the project.

From this moment on, the evening stopped being languid.

The graph of connections makes it clear who does what. According to the corporate social network, for example, we found that when one position is declared in a project, an employee can often answer questions on another topic. And to be an informal expert, although there will not be a formal personnel officer. For “counterintelligence”, this means that when an employee does not match his or her file, it is worth looking at him. For our personnel officers in peaceful use, this means a whole swarm of opportunities:

1. It can be seen who and what really understands cool.
2. The link graph allows you to identify the actual leader under the nominee manager (this is often the deputy or secretary - by the way, the secretary because he is responsible for the chief). This is called “finding a center of influence” and is also important for identifying impact points with the help of social engineering.
3. It can be seen which projects are interesting to whom. So, if a person is bored, you can offer him a project that he will definitely like. This is very important for retaining employees, because one of the reasons for dismissal is boring work.
4. You can optimize the team - for complex projects it is very easy to assemble "special forces" from those who have already worked together with each other, judging by the link graph. And it can be automated and put people working together all the time.
5. Eychary asked again: "show the top people who do not respond to letters."
6. According to a number of tips from psychologists, we also identified the dynamics of the pulsation of the connection graph and were able to catch moments of dissatisfaction of employees, that is, the stage when he could quit, but he did not even begin to think about it. Now it is detected manually during conversations with a personnel officer every six months at the level of “what do you like and what do not?” And offers either retraining, or a change of project, or growth. And then you can automatically. We saw how some people once each year put huskies to each other, and then dismiss those who have few likes, which means that they drenched and innovators with idlers.
7. By the principal growth of the graph, you can track a person’s readiness to become a leader. This is very important for large companies when collecting teams. In the presence of extended data (which is already for “sensitive” objects), periods of “motivation” and “despondency” can be tracked. A normal employee, as suggested by psychologists, they alternate. Thus, if someone is “sad” constantly, it is easy to seduce him with a bribe - and this is another point of increased attention for “counterintelligence”.

At the same time, we parsed the data from the websites of the personnel departments of the companies in the sphere - they are so subtle that sometimes they call directly from the corporate number from the site to the corporate number of the employee and offer to change jobs.

Well and at the same time on the ACS we calculated the optimal schedule for corporate transport. At least something useful based only on a test sample.

It was still flowers

We have a partner who ideally laid down in the “counterintelligence” project: the guys are able to take a print profile (typical intervals between pressing the keyboard buttons and the accuracy of the hit). If you remember, there was even such a story as the identification of a person by “handwriting” in the printed phrase by the second factor. For accuracy - as bionic methods. So, as an authorization method, this is not widely practiced (although Kouser is sometimes checked the same way on exams so that you are you), but our partner learned to determine the emotional state by changing handwriting. And tiredness.

They have profiles for “upset”, “fever” and “tired”. And this is extremely important for the dispatcher - if he is tired or sick, for example, a plane may fall. If your employee is blackmailed and he is in frustration before an important decision, it is also better to know.

By adding this data to the above, we can get a prediction of problems with the work and implementation of projects.

I generally keep quiet about the recognition of keywords in speech. How much data can be added - just a fairy tale, but, again, only for regime objects.

We asked colleagues. Everybody is interested in such chips, but no one gives them money for it. Now is the era of total open data, not total control. On the other hand, our mathematical apparatus turned out to be very easily applicable to other mining problems. For example, it was unexpectedly easy to look at the trends of the public procurement market. We look, in what competitions the employee participates, and we calculate others where he could participate in order to understand what we could miss. Or, if in the building we work as a provider of a service, then automatically tenders for the purchase of such a service for everyone at the facility will be cheaper, because we have already held the infrastructure there. We put on special control. And so on.

Eychary say that it is important for them not to dismiss the “Cossacks”, but to understand who suffers and cannot convey to the head that he, for example, is fed with breakfast. It is very important to understand who is dissatisfied, because then they are beaten for what the employee wrote about this on Facebook and did not tell the manager. Or he said, but he did not understand.

Summary

Hi, paranoid! We do a lot for you to worry about. On the one hand, it is somehow scary, but on the other - on our own experience and on the basis of requests from our customers, we realized that all this is not used to spy on employees, their correspondence or something similar. Business is interesting in terms of retention of valuable personnel.

Links

• Paranoid Speech Recognition
• Face Recognition
• My mail is brahew@croc.ru