Malicious insiders pose a serious threat to organizations in the public and private sectors. Their authorized access or insider knowledge of critical assets offers them opportunities to compromise information, sabotage infrastructure, or inflict harm upon co-workers. A complacent or uninformed workforce can be equally as damaging by inadvertently allowing easy access to an external threat. Insider threats can be current or former employees, partners, contractors, or family and friends. Regardless of the actor, it is important for organizations to establish an insider threat program that can detect, deter, and prevent insiders from causing harm.
All organizations are vulnerable. Potential Risk Indicators. Most insider threats exhibit risky behavior prior to committing negative workplace events.
What is an Insider Threat?
An Insider Threat is anyone with authorized access who uses that access to wittingly or unwittingly harm the organization and its resources. Insiders can be employees, vendors, partners, suppliers, etc.; they are individuals that you provide access to your facilities and/or information. Trusted insiders may commit malicious acts, such as fraud, theft, sabotage, espionage, unauthorized disclosure, workplace violence, and more. Unwitting insiders may inadvertently disclose sensitive information, unknowingly download malware, or facilitate other cybersecurity events. Anyone can be a potential insider threat. All organizations are vulnerable.
Potential Risk Indicators
Most insider threats exhibit risky behavior prior to committing negative workplace events. If identified early, many risks can be mitigated before harm to the organization occurs. It is your responsibility to report these indicators to your supervisor, security officer, and/or insider threat program.
Spotting and Reporting
Not all of these potential risk indicators will be evident in every insider threat and not everyone who exhibits these behaviors is doing something wrong. However, most of insider threats have displayed at least some of the potential risk indicators.
Early reporting allows the Insider Threat Program to pursue a multi-disciplinary approach to gathering and reviewing information indicative of an insider threat, referring that data as appropriate, and developing mitigation response options while protecting the privacy and civil liberties of the workforce. The goal of the program is to deter threats and detect potential issues early on—before a problem occurs. Early reporting can prevent harm to self or others, losses to the organization, and protect national security.