It is important to know that not every Insider threat is malicious. Non-malicious and unintentional breaches account for about half of those Insider threats which seriously impact a business’ operations. This could be as simple as a distracted employee who negligently includes a competitor within a complex email exchange, resulting in the disclosure of trade secrets and other confidential information.
A malicious Insider threat, on the other hand, is one that is deliberately harmful to an organization. Such a threat might occur when a disgruntled employee installs malware on a company laptop or network after being laid off or terminated. Another case might be corporate espionage, where an employee willingly participates in sharing a company’s intellectual property for a fee. Even an employee who steals a business’ records with the intent of starting their own venture is considered to be an Insider threat.
Such breaches are neither uncommon nor exclusive to the private sector. Both local and federal organizations are treasure troves of sensitive data. The sheer amount of citizen, political and financial information within these public organizations calls for perpetual safeguarding against Insider threats.
Edward Snowden, a former CIA employee and NSA contractor, is probably one of the most notorious examples of a governmental Insider threat in recent history. He is known for copying and releasing thousands of classified documents to news reporters, with the intention of shedding light on US government surveillance operations. But not every whistle is blown in the name of justice or transparency. The following cases of Insider threats were in no way protests against Totalitarianism:
- A disgruntled contractor who hacked into a US oil rig after being denied permanent employment
- A city worker who hijacked San Francisco’s computer system
- A healthcare employee who stole information necessary for committing medical, health insurance and tax fraud
An Insider threat can take many forms, but most of them are financially motivated. They are therefore likely to cause significant financial harm to a company, simply because of the high value of internal information. There is no surefire defense against an Insider threat, but organizations can take security precautions by first ensuring that employees are authorized at the lowest level possible to effectively do their jobs. Third-party contractors should be thoroughly vetted and given access to support only essential operations.
Additionally, all access and permissions should be immediately revoked upon termination of employment, ideally before the employee or contractor is aware of their dismissal. To this end, organizations should also be aware of log-ins and file transfers at unusual times, which is possible through comprehensive security reports. Employers should adopt standards and best practices for data security, and have automatic safeguards in place for both hardware and software (including cloud-based applications).
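As an added illustration (not part of the original article), the sketch below shows how a security report could surface the two signals mentioned above: log-ins and file transfers at unusual times, and activity on an account after employment has ended. The log format, the working-hours window, the account names and the HR termination feed are all constructed assumptions.

```python
from datetime import datetime

# Assumed policy: weekdays 07:00-19:00 count as normal working hours.
WORK_START, WORK_END = 7, 19
WATCHED = {"login", "file_transfer"}

# Constructed sample audit lines: "<ISO timestamp> <user> <action> <detail>"
SAMPLE_LOG = """\
2024-03-04T09:12:00 asmith login vpn
2024-03-04T10:05:00 asmith file_transfer q1-report.pdf
2024-03-05T02:41:00 bjones login vpn
2024-03-05T02:47:00 bjones file_transfer customer-list.csv
2024-03-06T14:30:00 cwong login workstation
2024-03-09T11:00:00 asmith login vpn
malformed line
"""

# Constructed HR feed: account -> time employment ended.
TERMINATED = {"cwong": datetime(2024, 3, 6, 12, 0)}

def off_hours(ts):
    """True for weekends or times outside the assumed working window."""
    return ts.weekday() >= 5 or not (WORK_START <= ts.hour < WORK_END)

def review(log_text, terminated):
    """Return (timestamp, user, action, reason) for each event worth a look."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split(maxsplit=3)
        try:
            ts, user, action = datetime.fromisoformat(parts[0]), parts[1], parts[2]
        except (ValueError, IndexError):
            continue  # skip lines that do not match the assumed format
        if action not in WATCHED:
            continue
        ended = terminated.get(user)
        # Post-termination activity takes priority: access should already be revoked.
        if ended is not None and ts >= ended:
            findings.append((ts, user, action, "activity after termination"))
        elif off_hours(ts):
            findings.append((ts, user, action, "outside working hours"))
    return findings

if __name__ == "__main__":
    for ts, user, action, reason in review(SAMPLE_LOG, TERMINATED):
        print(f"{ts.isoformat()} {user:<7} {action:<13} {reason}")
```

An off-hours hit is a prompt for review, not proof of wrongdoing; shift workers and on-call staff would need their own working-hours window.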