The Insider Threat: Understanding, Detecting and Defending

Insider threats take many forms. And while not all insider threats are malicious, they are a costly problem. Here, we’ve dug down into how you can define insider threats within your organisation, the forms they’re likely to take and what you can do to defend your business against them.

What is an ‘insider threat’?

While it can be quite difficult to define the ‘insider threat’ because of the complexity of where a company’s boundary or perimeter lies, we’ve found the most clear and comprehensive definition to be that given by Dr Michael Gelles and Dr Jesse Goldhammer in their presentation at the RSA Conference 2015:

“The person who has the potential to harm an organization for which they have inside knowledge or access.”

It’s important to note that insiders are not just employees, but can include contractors, business partners, auditors and even former employees.

Why types of damage can insiders cause?

  • Sabotage: a threat posed by the insider who intends to harm their organisation rather than simply steal company resources or information. Sabotage in the workplace is common, and it is not limited to the destruction of physical facilities or damage to IT infrastructure. The damage can take many forms, such as deliberate non-performance, falsification of company records and damage to organisational property.
  • IT sabotage: a relatively new form of insider threat that is focused on negatively affecting or damaging an organisation’s information systems.
  • Fraud: typically increases in times of economic recession, which herald unemployment, job worries, higher personal debt and a rising cost of living. The FBI estimates that insiders steal eight times more money through fraud than is stolen through bank robberies.
  • Theft of Intellectual Property (IP): likely to be conducted by more trusted insiders, this type of threat usually involves selling information to a company’s competitors in order to embarrass the employer or to help a friend or family member.
  • Terrorist attack: inside terrorism, or home-grown terrorism, has become a stark reality for several nations. Since 2009, there have been more than 30 cases of home-grown terrorism in the US alone.

Understanding, detecting and defending

Build your defence programme now with the best practices, controls and quick wins explained in our latest title:

 Insider Threat - A Guide to Understanding, Detecting, and Defending Against the Enemy from WithinInsider Threat – A Guide to Understanding, Detecting, and Defending Against the Enemy from Within

Insider Threat will help you understand:

  • The seven organisational characteristics common to insider threat victims.
  • The ten stages of a malicious attack.
  • The ten steps of a successful insider threat prevention programme.
  • How to construct a three-tier security culture, encompassing artefacts, values and shared assumptions.

Prepare for insider threats with the most in-depth guide on the market. Order your copy now >>