Can Insider Threats be Prevented?
In today’s times, it’s commonplace to leave a job to pursue additional challenges, pay increases, more independence, or a different work environment. With companies competing to recruit skilled individuals, those opportunities remain on the upswing for those interested. At the same time, however, some individuals harbor ill will and deliberately commit a malicious act toward their employer or the organization. It’s at that decision point where these individuals become known as Insider Threats.
According to the Department of Homeland Security, malicious insiders pose a serious threat to organizations in both public and private sectors. Their authorized access or insider knowledge of critical assets offers them opportunities to compromise information, sabotage infrastructure, or inflict harm upon co-workers. A complacent or uninformed workforce can be equally damaging by inadvertently allowing easy access to an external threat. Insider threats include current or former employees, partners, contractors, or family and friends. Regardless of the actor, organizations need to establish an Insider Threat program that can detect, deter, and prevent insiders from causing harm.
However, even malicious Insiders don’t just start out wanting to cause harm or become violent; they evolve over time, exhibiting multiple, detectable, and observable behaviors. Examples of those Behaviors of Concern include behavior changes, intimidation, job dissatisfaction, attempts to bypass security, frequency in the office during off-hours, disgruntled behavior toward co-workers, violation of corporate policies, discussions of resigning, and new opportunities, and sudden lifestyle changes. Awareness of these Behaviors of Concern are critical to preventing harmful acts.
Harmful acts can manifest as violence, theft, sabotage, espionage, and cyber-attacks. They may be motivated by financial gain, revenge, interpersonal conflicts in the workplace, or political ideology. In some cases, there may even be a deeply felt grievance that, left unchecked, pushed someone to their tipping point. Likewise, those that act out violently often do so out of frustration and because they don't feel they are being heard or understood.
Before committing a malicious act, an Insider Threat may seek help from others or begin probing for security weaknesses. They may start surveilling a location or attempting to access a building or network. This is when a malicious Insider may be witnessed in areas where they don’t belong or attempting to boundary probe to see how far they can go before drawing attention. Finally, if not disrupted, they’ll put their plan into action. They’ll distort evidence, blame others, or alter records to cover their tracks or evade capture.
So, in answer to the question, can Insider threats be prevented? The answer is YES, but it begins with a culture of awareness. Recognizing that an individual poses a threat and may be on a pathway to a malicious act is an important start. Studies have shown that in 85% of Insider threat cases, someone other than the Insider knew about their intent, but no one reported it. Proactively managing insider threats can change or stop the trajectory or course of events from a harmful outcome to effective mitigation.
CPPS has released training and guidance specific to Insider Threats that helps create a culture of awareness within your organization. For more information, CONTACT US.