Insider Threat

19 November 2021 00:00

Bibin K R

We are living in a very complex world filled with vulnerability and uncertainty, where anyone, externally or internally, can cause harm to you and your organisation. When a person with authorised access to organisational resources becomes an adversary, they are deemed an “insider threat”, which refers to an insider who wittingly or unwittingly does harm to the organisation. Examples are sabotage, espionage, terrorism and unauthorised disclosure of information. Insider threats may be caused by negligence or criminal acts.

Implementing an Insider Threat Program

One way to mitigate the risk of insider threats is to implement an Insider Threat Program, but before doing so, a proper risk assessment of the organisation should be carried out to identify the critical assets and the effect of an adversary attack on each asset.

Risk assessment

Various activities, such as the behaviour of individual employees, system login/logoff, restart/shutdown, search history, print history, site access logs and the use of removable data storage devices, may be monitored to identify threats. Security and HR Departments can play vital roles in extracting data on employee behaviour. Most insider threat actors exhibit risky behaviour prior to committing any adverse action. If such behaviour is identified early, we can avoid or mitigate many risks.

Benefits of an Insider Threat Program

The Insider Threat Program should be able to identify and collect inputs on threats, and all data should be verified. All data received should be monitored and analysed for further action. This data integration may be done automatically or manually. In an automatic system, all data is fed in automatically and evaluated further, whereas in manual mode data has to be fed in manually. The stored data can be analysed by a person or by a machine/software. Reporting can be done in real time, which is a proactive solution, or it can be event-triggered, which is a reactive solution in which information is reviewed and collected only when a certain condition is met.

Ongoing commitment

All employees should be given insider threat awareness training, which will help them identify various methodologies used by adversaries to extract data from them. Employees should be trained on what to report and how to report.

In short

The best formula to handle insider threat is: Avoid - Detect - Mitigate - Review.

We may avoid it through proper training on insider threat awareness. A proper team and policies/procedures may be implemented to detect insider threats. The threat may be mitigated through various countermeasures. All these actions should be reviewed periodically and updated as required.

“Prevention is better than cure”, so always watch your surroundings for any indications and take the necessary measures to deter or mitigate the risk of insider threat.

Bibin K R

Bibin K R is a military veteran with 16+ years of hands-on experience in Security Management, Physical Security and Risk Assessment. He is Board Certified in Security Management and a Certified Protection Professional (CPP) from ASIS International, USA. He has experience in various sectors of the industry ranging from Defence, Entertainment, Facility/Real Estate, Education and Construction.

This article appears in a recent edition of Risk Management Today. Subscribers may view the full article from Risk Management Today HERE.

Risk Management Today is a LexisNexis newsletter that provides commentary and summaries of new legislation, recent research studies and surveys from around the world on areas that impact corporate risk. Topics include security, fraud prevention, OH&S, strategy and contingency planning, corporate governance, compliance and liability, crisis management and business continuity and sustainability.
