Preventing insider threats: What to watch (and watch out) for

September is officially National Insider Threat Awareness Month (NIATM) and the theme of this year’s NIATM is resilience. Of all the digital threats facing organizations, the insider threat can be the most vexing to tackle given how uncomfortable it can feel to suspect one’s own colleagues of wrongdoing. It’s challenging to set up systems and processes that might catch well-regarded peers or superiors in a harmful act.

At last week’s inaugural Insider Risk Summit, experts at corporations and cybersecurity firms gathered to talk about the top trends driving insider security threats and what security officers should know in trying to combat those threats. “There’s not one type of threat but there is a common aspect, which is that [insiders] are looking to get at critical assets of the organization — people, information, technology and facilities,” Michael Theis, chief engineer, Strategic Engagements at the US Community Emergency Response Team’s (CERT’s) National Insider Threat Center, said during his keynote talk.

Theis based most of his talk on the fraud model that CERT’s threat center has built on a data set of 2,500 verified insider incidents that resulted in sabotage or corporate threat. It’s important to define what exactly an insider threat is, Theis said. “[It’s] the potential for an individual who has or had authorized access to an organization’s assets to use their access, either maliciously or unintentionally to act in a way that could negatively affect the organization.” The people who could be considered insiders encompass a wide range of individuals from current or former full-time employees, part-time employees, temporary employees, contractors, and trusted business partners.

The ways that an insider can cause damage are wide-ranging, too. They include fraud, theft of intellectual property, sabotage, espionage, workplace violence, social engineering, accidental disclosure, accidental loss or disposal of equipment or documents.