Insider threat
An insider threat refers to any security risk that originates from within an organization, typically involving current or former employees who possess intimate knowledge of the organization's vulnerabilities. These insiders can include a wide range of individuals, such as full-time staff, contractors, or even volunteers. They may act alone or collaborate, potentially tampering with or stealing sensitive information, which can be sold to competitors or used for malicious purposes like sabotage. The rise of electronic data storage has increased the prevalence of insider threats in both public and private sectors, prompting organizations to implement cybersecurity measures alongside traditional defenses against external threats.
Insider threats can be classified as accidental or intentional, with accidental threats often resulting from human error rather than malicious intent. Intentional threats, on the other hand, can stem from various motivations, including personal grievances or financial gain. Notably, the evolving workplace dynamics, including remote work, have contributed to a surge in insider threat incidents. Additionally, some experts now consider acts of workplace violence by current employees as a form of insider threat, emphasizing the need for ongoing research and preventative strategies. Organizations are encouraged to monitor employee behavior and provide training to help mitigate the risks associated with insider threats.
Any threat to an organization’s security or data that comes from within an organization is called an insider threat. It usually involves current or past employees who understand a company’s vulnerabilities, such as loosely enforced policies and procedures or flaws in computer networks. An insider can be a full- or part-time employee, intern, consultant, contractor, volunteer, janitor, or security guard. In some cases, the insider may be the person who configured the security system. These perpetrators may act alone or in collusion with each other. They may tamper with or destroy data by modifying or stealing confidential or sensitive information, such as company trade secrets or customer databases. The information is often sold to competitors or foreign countries. Sometimes the purpose of the breach is sabotage or personal revenge. An extreme data breach can precipitate a violent incident, especially when it involves national security.
![Image from a US GAO report on insider threats. By US Government Accountability Office from Washington, DC, United States [Public domain], via Wikimedia Commons.](https://imageserver.ebscohost.com/img/embimages/ers/sp/embedded/rsspencyclopedia-20180712-47-172041.jpg?ephost1=dGJyMNHX8kSepq84xNvgOLCmsE2epq5Srqa4SK6WxWXS)
![Types of insider threats, from a US GAO report. By US Government Accountability Office from Washington, DC, United States [Public domain], via Wikimedia Commons.](https://imageserver.ebscohost.com/img/embimages/ers/sp/embedded/rsspencyclopedia-20180712-47-172062.jpg?ephost1=dGJyMNHX8kSepq84xNvgOLCmsE2epq5Srqa4SK6WxWXS)
Insider threats occur in both the private and public sectors and have been increasing as nations, businesses, and organizations rely more heavily on electronic data storage. These entities must employ preventative cybersecurity measures to combat insider threats, just as they must use antiviral and firewall protection to guard against outsider threats.
History
Insider threats can encompass more than data attacks. Because of technological advances in information processing and sharing, the term has been linked to cybersecurity. However, insider threats go back centuries before the age of modern technology. In the first century CE, members of Rome’s elite Praetorian Guard assassinated the emperors Caligula and Galba they were sworn to protect. These incidents were just a few of many historical political assassinations planned by insiders. An example of an insider threat that impacted the United States economy occurred in the late eighteenth century. William Duer, a member of the Board of the US Treasury, used inside financial information for personal gain in 1792. When Duer was sentenced to prison, it caused a panic in the stock market, setting off the first stock market crash in history. In 1953, Julius Rosenberg, a former employee of an Army laboratory, and his wife Ethel, were tried, convicted, and executed on charges of espionage for passing military secrets to Russia regarding the atomic bomb.
One of the most well-known accounts of an insider threat in the early twenty-first century involved Eric Snowden, who held top secret and sensitive compartmented information clearances from the Central Intelligence Agency (CIA) and National Security Agency (NSA). He worked within NSA’s domestic surveillance division and felt their data collection techniques were illegal, unethical, and threatened the civil liberties of Americans. Snowden copied and released sensitive classified intelligence information to the media. His motivation was based on exposing what he deemed questionable acts by the government.
In 1963, the United States government began establishing safeguards to protect data, communications, and information systems relating to national security. Since that time, several offices and departments have streamlined goals and efforts to meet national cybersecurity needs. In 2011, then-President Barack Obama signed an executive order requiring that all federal agencies and defense contractors that manipulate or access classified computer networks conform to a common standard when they design, implement, and monitor security policies and procedures. The most current body of regulation and oversight is The National Cybersecurity and Communications Integration Center (NCCIC) as defined by the Cybersecurity Information Sharing Act of 2015.
Topic Today
Insider threats can be classified as accidental or intentional. Accidental threats include deleting a file by mistake, leaving a computer unlocked, falling victim to a phishing attempt, or inadvertently sharing sensitive data with others. This type of threat has no malicious intent and can be prevented by ensuring employees have adequate training on personal phone usage policies, basic computer security measures, and the dangers of password sharing. To prevent accidental insider threats, an organization can monitor behavior in the most vulnerable offices, such as the human resources department, records management office, legal counsel, and civil liberties departments. Specialty consulting firms have arisen to help organizations meet this demand, thus increasing job opportunities in the cybersecurity field.
Malicious threats are more difficult to identify. To protect against these types of insider threats, research often must identify motivation and threat behavior. According to a 2024 Insider Threat Report issued by Cybersecurity Insiders and Securonix, there was a 10 percent rise in insider threat attacks between 2019 and 2024. Insider threats are responsible for approximately 60 percent of electronic crimes, and an estimated 25 percent of these crimes were carried out with malicious intent. Experts partially credit the rise of insider threat incidents to the growing remote work environment. These threats not only cause immediate problems for a company or organization, but they also come with the added expense of time and money involved in prosecuting those involved.
In the twenty-first century, a new wave of insider threats has evolved. Historically, insider threats involved the sale of information or the disruption of data processes. However, some security experts also believe workplace violence can be considered an insider threat if the perpetrator is employed by or associated with the company and attacks other workers. The Office of Occupational Safety and Health Administration (OSHA) reported 18 percent of all violent crimes in the United States were committed in the workplace between 2009 and 2015. Of those, 133 mass shootings in the workplace accounted for 78 percent of all workplace homicides. This information reflects a need for continued research on threat motivation and behavior to help curtail and prevent future workplace attacks. Experts believe that, in order to identify possible threats, workplaces would benefit from knowing individual risk levels and assessing employees' access to resources that could cause harm. Other preventative measures include being aware of potentially troubling behavior. These measures can be further enhanced by combining them with employee or student training to foster awareness and prevention.
Bibliography
Devry, Jane. “New Report Reveals Insider Threat Trends, Challenges, and Solutions.” Cybersecurity Insiders, 11 Apr. 2024, www.cybersecurity-insiders.com/2024-insider-threat-report-trends-challenges-and-solutions/. Accessed 20 Dec. 2024.
“Insider Threat.” Carnegie Mellon University, Dec. 2017, www.sei.cmu.edu/research-capabilities/all-work/display.cfm?customel_datapageid_4050=21232. Accessed 20 Dec. 2024.
“Julius and Ethel Rosenberg.” History.com, 13 Dec. 2018, www.history.com/this-day-in-history/julius-and-ethel-rosenberg-executed. Accessed 21 Jan. 2019.
Kiely, James. “Edward Snowden, The Ultimate Insider Threat.” MRI Global, 14 Mar. 2014, www.thedonovan.com/historystuff/Edward%20Snowden-Insider%20Threat%20PP%203-18-2014.pdf. Accessed 21 Jan. 2019.
McGravey, Daniel J., and Amy C. Lachowicz. “Workplace Violence.” Law Journal Newsletters, 1 Nov. 2016, www.lawjournalnewsletters.com/2016/11/01/workplace-violence/. Accessed 20 Dec. 2024.
“National Cybersecurity and Communications Integration Center.” Department of Homeland Security, 14 Nov. 2018, www.dhs.gov/national-cybersecurity-and-communications-integration-center. Accessed 21 Jan. 2019.
“Occupational Outlook Handbook.” United States Department of Labor, 29 Aug. 2024, www.bls.gov/ooh/computer-and-information-technology/information-security-analysts.htm. Accessed 20 Dec. 2024.
Powers, Noah. “What History Teaches Us About Today’s Insider Threats.” Delta Risk, 21 Sep. 2017, deltarisk.com/blog/what-history-teaches-us-about-todays-insider-threats/. Accessed 21 Jan. 2019.
Rouse, Margaret. “Insider Threat.” Tech Target, Jul. 2022, searchsecurity.techtarget.com/definition/insider-threat. Accessed 21 Jan. 2019.
Sullivan, Bob. “Cost of Insider Risks Global Report — 2023.” Ponemon Sullivan Report, 14 Oct. 2023, www.ponemonsullivanreport.com/2023/10/cost-of-insider-risks-global-report-2023/. Accessed 20 Dec. 2024.
Tuutti, Camille. “The Insider Threat: A Historical Perspective.” Nextgov.com, 16 Sept. 2016, www.nextgov.com/cybersecurity/2016/09/insider-threat-historical-perspective/131613/. Accessed 21 Jan. 2019.