Before we answer this question, let’s just review what an insider threat is. According to the U.S. Community Emergency Response Team (CERT), an insider threat is:
Committed by a person or persons with access to an organization’s assets who uses these assets in a way that would negatively affect an organization.
Here’s another definition:
Employees, former employees, contractors, vendors, or business associates who conduct malicious, careless, or negligent threats to an organization.
With that out of the way, let’s go back to our original question:
What Does a Person that Commits Insider Threats Look Like?
You probably guessed it already. They don’t look like the image on this post. Instead, they look like you, me, and everyone else.
So, if we can’t tell what an “insider” about to commit a malicious act to an organization looks like, at least we can give some examples of what types of people may be an insider having the ability to cause harm. Here are ten we should know:
- A person trusted – even well-trusted – by their employer or an organization.
- Someone with a badge, access device, or admittance card allowing them expanded or unlimited entry to a facility.
- The nightly custodian, a security officer, a repair person, a vendor, or a contractor who regularly visits or works in a facility.
- In the case of a threat to an organization’s data, an insider may be someone with expanded access to the organization’s computer and IT network, including cloud storage.
- Someone briefed on or aware of a company’s secrets, including trade secrets, which are not to be revealed to customers or staff until an appropriate time, if ever.
- Somebody aware of a new product development or service introduction.
- A person aware of such things as a company’s product or service price structure, profit margins, costs to manufacture products, or their cost of services provided to a customer.
- Someone aware of an organization’s strengths and weaknesses. This can apply to many types of organizations, but most specifically to manufacturers and service providers.
- An insider who knows the organization’s long-term goals, business strategy, future plans, if and when significant personnel changes are about to occur, or if staff layoffs are planned.
- Often an insider threat comes from people who have been reprimanded for behaviors such as bullying, intimidation, or harassment of others in the workplace setting.
- A recent hire who asks for access to a facility or its computer network long before this is warranted or even needed.
- A staffer who has recently left a company, taking with them knowledge of any of the above.
My Take on Insider Threats:
When it comes to people who may be an insider threat to an organization, the first thing we must realize is that these threats are not necessarily limited to computer systems or cloud services. Far from it. While many are threats to an organization’s data, they also can involve spying on an organization, threats to a building, the staff working in that building, or threats to an organization’s top people.
We should also know that some insider threats can be prevented or uncovered before there is harm to a facility, its data, or its people. And one reason for this is that there are often early indicators that are overlooked or not heeded, usually because others in the workplace are unaware of these indicators.
Because of this, when collaborating with clients concerned about insider threats, not only do we look for risks and vulnerabilities – and how to mitigate them – but a key part of our job is to educate our clients about these early indicators. Knowledge is power, especially when it comes to protecting an organization.
As always, we value your feedback, which helps us shape our perspective on recent events, security, and the services we offer.
Chief Executive Officer