What Triggers Insider Threat?

By James Robinson

When asked, “Do you have an insider threat problem?” many organizations might conclude that they have no issues and nothing to worry about, while others admit they have a problem but no strategy. Both responses are inadequate. Insider threat can happen at any organization within any industry. Knowing this, is your organization taking the proper precautions to help prevent catastrophic damage, both financially and to your reputation? What might someone pay for your organization’s most sensitive information?

Risk is everywhere. Outside threats can be hard to predict; you have no idea where they could be coming from. Insider threat, however, comes from within your network of employees and partners. This type of threat ranges from a reckless, non-hostile employee who accidentally leaks data, to a competitor or even a spy.

For the hostile types of insider threat, why might someone turn against the company they work for? The biggest reason comes from a life-changing event in either an employee’s personal life or work life. People you would least expect can turn at the drop of a hat when they find themselves desperate for something, be that money or information. Employees can also find themselves shaken up by a recent merger or acquisition. If an employee has formed an allegiance with a specific coworker, and that coworker leaves the company, the employee left standing might feel their loyalty shifting.

It’s also important to understand which employees to consider “high risk.” Typically, the people most likely to become insider threats are the employees who have the most access to the most information, which makes them potentially dangerous. Examples of these groups include executives, scientists and people in IT.

The most important key to recognizing a problem is situational awareness. You must continually look at your strategy, understand what’s going on within every aspect of the organization, and be on the lookout for situations that are negatively impacting employees.

Consider these ideas to help counter threats before they become expensive problems:

Educate and communicate: Use a recent situation that may have had a negative impact, such as a merger (with subsequent layoffs), to educate and communicate with your workforce. If everyone remains open-minded and understands that they’re all on the same team, you may be able to bring outliers back to the light.

Reconfigure current technologies: To help head off potential insider attacks, consider leveraging existing technologies. You can configure systems, such as the rules within data loss prevention software, to recognize a potential issue. Simple rule changes and configurations can make a world of difference, which means you don’t need to go out and buy a whole new solution.

Build and communicate a plan: Building a plan does not mean you have to execute on it. Start to research the subject, talk with peers about their programs, and understand how to identify the threat. All of these are items you can build into your plan. Great information has been published by Carnegie Mellon and the FBI on insider threats.

Logging and trending: If your organization did not track sales data, it would never know how sales were trending; the same holds true for any threats. Start to learn your control points and begin logging and collecting data on insider threats.

The sooner you recognize possible triggers for insider threat, and understand which employees are most likely to turn to the dark side, the faster you can put a plan in place to prevent an inside attack.

James Robinson

Vice President, Third-Party Risk Management

As vice president, third-party risk management, Robinson oversees Optiv’s Third-Party Risk Management practice which includes the development and operations of TPRM-as-a-Service and Evantix. During his tenure at Optiv, he has worked as a core contributor around strategic internal initiatives including threat management, risk management, third-party risk management, vulnerability management and data program protection. He also develops and delivers a comprehensive suite of strategic services and solutions that help chief experience officer (CXO) executives evolve their security strategies through innovation.