“The purpose of every information security program is to maintain the confidentiality, integrity and availability of said information. In other words, it must ensure that organisational data remains accurate and complete whilst being freely available for authorized users to use for appropriate purposes.

“Insider threats pose a significant risk to this, as individuals with privileged access to sensitive information may inadvertently or intentionally compromise the security and undermine the integrity of organizational data.

“From my role in the FBI, I’m used to seeing insider threat from the legal perspective, prosecuting intentional, pre-meditated attacks in U.S. Federal Court. Interestingly, there is no specific law which covers “insider threat” and as a result, criminal cases focus on the fraud committed by the insider, which typically involve either data theft or data destruction.

“A good example of a data destruction case is United States v. Pok Seong Kwong. Pok Seong Kwong was the director of information technology for American Flood Research, Inc. (AFR), a provider of electronic flood-zone certifications. He and two other IT employees, Wei Chen and An Yuan, submitted a letter to AFR alleging race discrimination and demanding compensation of $180,000 each. The next day, AFR discovered that its computer system was damaged by harmful programs (logic bombs) installed by Chen and Yuan. Kwong was charged with aiding and abetting Chen and conspiring to sabotage AFR’s computer system, in violation of 18 U.S.C. §§ 2, 371, 1030(a)(5)(A). In this case, the damage to AFR systems was ~$750,000 in 2001, when the crime occurred.

“Good examples of data theft are economic espionage cases and those which involve theft of trade secrets – both of which are considered federal offenses under the Economic Espionage Act of 1996. Here, the insider behaviour is focused on theft of volumes of sensitive information, which in most cases is exfiltrated electronically and by physical media.

“So how can organizations successfully protect themselves against intentional insider threats? In every insider threat case, there is a combination of network activity and employee behaviour. In other words, the malicious activity crosses both physical and electronic modalities. Successful insider threat programs require a multi-disciplinary team (MDT) approach involving individuals from across the organization, responsible for physical security, cybersecurity, operational technology, information technology, HR and legal.

“Monthly meetings of the MDT will play a pivotal role in protecting the organization from insider threats, developing a strategy to support early threat detection, enable effective mitigation and ensure an appropriate response to anomalous behaviour.

“Cultivating a culture of security throughout the organization, instilling a sense of responsibility and awareness among employees, is also crucial. This should be complemented by a strong governance and risk management program that establishes clear guidelines and procedures about expected behaviours, both online and in the workplace. Robust employee onboarding and offboarding processes, along with a comprehensive employee manual, will also help to shape an informed and vigilant workforce.

“The implementation of user activity monitoring systems, which continuously assess behaviours, is also hugely beneficial, enabling the early detection of employees with heightened risk factors.

“Employee morale and effective leadership cannot be underestimated when it comes to threat prevention. Insider threats are largely “people” problems. That is, most companies do not hire “bad actors”. At the time of hire, both employee and employer are satisfied with the employment arrangement.

“Over time, things change which fracture the relationship. Having interviewed many insiders, they always complain about a leader’s behaviour or how they were treated. While this does not justify unlawful behaviour, it is a reminder that good leadership always matters. Transformational leadership is probably the most powerful tool one can employ to safeguard the organization and its data. Employee well-being programs contribute not only to the overall welfare of the workforce, but also to the prevention of potential insider threats by addressing underlying issues proactively.”
