Do you have an Insider Threat Program?

Insider threats are increasingly on our radar. We saw a recent example in Australia, with a BlueScope Steel employee taking out company documents. In another well-publicised incident, two GlaxoSmithKline research scientists, Yu Xue and Lucy Xi, were charged with stealing trade secrets.

Now, in the murky shadow of WikiLeaks, we have, if you like, ‘a whistleblower on whistleblowers’. A new insider threat program to identify these malicious individuals has been created by the Obama administration’s USA Office of National Intelligence, which noted that:

“An insider threat arises when a person with authorized access to U.S. Government resources… uses that access to harm the security of the United States. Malicious insiders can inflict incalculable damage. They enable the enemy to plant boots behind our lines and can compromise our nation's most important endeavors.” [1]

Continuous Evaluation

This is not something you can opt out of; you have no choice in the matter. In the USA, there are around 100,000 military, civilians and contractors under such surveillance.

In scope is total surveillance of US personnel who have specific access to classified information; this includes emails, messages and other electronic communications (using what is referred to as ‘push and pull’ approaches).

The reality is that this approach is about monitoring electronic behaviour both on the job and off the job to detect potential threats. Indeed, the US government is taking insider threats seriously.

The Insiders

Both the FBI and Department of Homeland Security agree that so-called ‘insider threats’ have increased and pose a serious risk.

This level of surveillance will capture both the accidental and malicious.

‘Accidental insiders’ are those targeted by adversaries, for example through a spear phishing attack from a known or friendly source. In the main, such insiders are unaware that there is potential or actual risk.

On the other hand, ‘malicious insiders’ are individuals who set out to deliberately cause harm; they realise that their actions can cause real damage.

Ultra Sensitive?


Clearly, having an Insider Threat program will always be ultra sensitive. Most enterprises have some level of this monitoring underway. There are various tools that both monitor and prevent information leakage.

What is clear, though, is that such reporting often goes to someone in HR or, even worse, a member of IT. It is not that trust is an issue; rather, they (HR and IT) may have no idea which files are actually acceptable to share outside.

‘Best practice’ that I have seen is where the technology, process and people all intersect and a supervisor gets a notification of what files their staff members have copied etc.

No Budget

Most enterprises also do not have a budget for insider threats, and this works against the problem being taken seriously. Instead, we have to approach this problem with the mindset that an ‘insider threat’, either innocent or malicious, is a near certainty.

Taking that approach means we have to be always on the lookout to detect such patterns, and not wait for an issue to occur.

Against the HR grain

This also means that we proactively monitor our staff at the same time that we impeach empowerment and giving authority to teams. There are also modern-day work pressures: work is no longer performed just in the office. Sending a file to one’s home email address may be innocent, but it can’t be allowed in today’s world.

A recent Harvard article talked about “how most of us think about trust as a black and white decision”.

“We trust you or we don’t. In business relationships, trust is rarely so clear cut… rather than black or white, a better approach is to think of trust more like a barometer. Trust goes up and down depending on the circumstances” [2]

Unfortunately, it is not good enough to follow your natural tendency and base trust on gut reaction. We all need to look at putting in place an Insider Threat program and, specifically, a Continuous Monitoring approach.



[1] http://www.ncsc.gov/issues/ithreat/

[2] https://hbr.org/2015/09/what-to-do-when-you-dont-trust-your-team



Tags: Threat Program, David Gee
