With respect to information security and cybersecurity, a threat is a natural occurrence or a human activity (intentional or unintentional) that has the potential to disrupt an organization’s mission and/or business processes. This blog is about human activity and what is commonly known as an insider threat. An insider can be defined as a trusted member of an organization – where the person is an employee, a contractor, a consultant, or a volunteer. So, an insider threat refers to a deliberate or unintentional action that could: (1) disrupt the confidentiality, integrity, and/or availability of information in paper or electronic form or (2) negatively impact the ongoing operation of IT systems that process, store, or transmit organizational information.
Bystanders can play a role in helping organizations to identify insider threats. Bystanders include colleagues, human resources personnel, and supervisors. Human resources personnel and supervisors are the first line of defense against insider threats, because they have access to employee personnel records and should be aware of situations affecting a member of the organization. Human resources personnel and supervisors should know about complaints from colleagues, demotions, financial judgements affecting pay, negative references from previous employment or services provided, reprimands, unauthorized absences, and unfavorable performance ratings.
Colleagues are the next line of defense because they collaborate with and potentially socialize with each other on a regular basis. Colleagues might notice insider threat behaviors or activities such as alcohol abuse, attempts to obtain access to information that is not related to another colleague’s role or responsibilities, drug abuse, encouraging other colleagues to participate in activities that are illegal or violate organizational policy, suspected emotional or mental impairment, taking multiple expensive trips (especially those with a short duration), and unexplained access to financial resources.
A comprehensive insider threat program can help combat insider threats. Insider threat defense is one of IBSS’ core competencies. Our suite of insider threat services include the following:
- Develop/tailor insider threat programs
- Document insider threat policies and procedures
- Identify threats to organizational mission and business processes
- Deploy and configure solutions to monitor insider threat activity
- Evaluate the effectiveness of controls that organizations have implemented to protect against insider threats
- Provide staff augmentation
If you see something, say something.
