By: The Executive Security Operations Concierge (ESOC) Center, PFC Safeguards
We may be attuned and vigilant to the threats that are on the outside, but when was the last time the inside was assessed? An insider is a very real threat that has a historical enterprise in the protective and intelligence world. These threats present a complex and dynamic risk as the perpetrators are individuals who had or still have authorized access to an organization’s resources. An insider will use their access to a target or their familiarity with it to cause harm. The integrity, confidentiality, and availability of the company and its data, people, or facilities can all be negatively affected by malicious, complacent, or unintentional actions.
An insider doesn’t usually act on impulse, but rather develops their plan of action for a period of time, approaching it by avenues least likely to sound the alarm. They accomplish minute tasks for gathering pertinent information under a veil to test who may be paying attention to their actions. These persons are calculated in their maneuvers and can cause serious losses to business when confidential information is not secured. There are preventative solutions and additional security measures that can be implemented to safeguard informational assets, and practices from being leaked.
While there isn’t a definitive profile for insiders, there may be ways to identify them such as their behaviors, personality factors, motivations, and characteristics. The below list is based on our review of historical cases and describes the most probable identifiers of a potential threat, though it is not all inclusive.
Fundamental, Psychological Traits & Behaviors
Ø Single or unmarried males
Ø Moral flexibility
Ø Mental disorders
Ø Shaky Social Skills
Ø Minimal Allegiance
Ø Poor Performance
Ø Compliance issues with company regulations
Ø Argumentative/inability to not quarrel with coworkers
Ø Piqued interests in matters not within their scope
Ø Incessant negative commentary regarding work/company
Ø Foreign influence and preference
There are numerous factors that can contribute to one’s motivations to become an insider. Many of these factors include financial gains, dissatisfaction of expectations in work, stressful events, opposition to workplace ideals and/or sanctions, and revenge. Yet there are instances when cases occur due to negligence stemming from miscellaneous errors as opposed to malicious intent. The best policy is to remain proactive and observe behaviors to identify the insider before they can commit their fraud and cause irreparable damages.
Unfortunately, one’s human nature cannot be predicted with 100% certitude. However, detecting and identifying these potential threats requires a two-part component-- technological employments as well as the human factor to recognize and report concerning behaviors and threat indicators. Potential risk indicators may not reveal an analytical estimate of misconduct, but their timely reporting creates a preventative measure to reduce the potential harm and magnitude of that harm.
There is a long historical background of insider incidents within governments and inside companies that have caused irreparable damage. Many are familiar with the highly publicized insider cases such as Edward Snowden and Chelsea Manning that have occurred within the last ten years. These two individuals notoriously released massive amounts of sensitive information that created a whirlwind of issues and detriment to national security.
To mitigate insider threats, it is imperative that companies have a strong security culture in order to protect themselves and their assets. Compartmentalizing sensitive information to limit the damage an insider threat poses is imperative. A continuous monitoring model will be beneficial as well as essential to prevent and detect such acts from occurring. It is advisable to create a threat assessment process or threat management team that can assist with investigative strategies and actions for true expressions of intent to accidental mishandlings. When investigating these types of situations, the investigation must fuse collection and analysis of information to guide the appropriate actions for prevention, mitigation, response, and or recovery if possible.