When it comes to risk and resilience, one of the main problems we encounter is Insider Threat.

Insider threat is when someone who works for a company or organisation poses a risk to it. These individuals, such as employees or partners, have access to important information or systems. The tricky part is that they already have permission to be there, so it can be hard to spot the danger.

Insider threats can include things like stealing company secrets, sharing private information without permission, causing damage on purpose, cheating, or even making mistakes that lead to security problems. To protect against insider threats, companies need to use technology, rules, and training to keep an eye out for any suspicious behavior and prevent harm from happening.

The risk factors that contribute directly to unintended insider threat are where a great deal of progress can be made in assessing and mitigating risk within organisations. If leadership considers and implements plans as part of a risk mitigation program, then this radically diminishes Insider Threat before it happens.

Insider Threat - risk mitigation


Insider threats can be characterised as one of two kinds. An Unintentional Insider inadvertently or unknowingly betrays the trust placed in them. This is frequently due to a lack of security, integrity awareness, or failure to follow proper processes. An Intentional Insider deliberately or knowingly betrays the trust placed in them. This may be to cause harm, gain personal benefit, or advance the interests of another organisation, business or individual. Intentional insiders can be malicious, self-motivated or recruited by a third party.

Both of these insiders can be broken down into five different characterisations.

#1 – The fortuitous insider

A fortuitous insider exposes an organisation or business to loss or exploitation in error. This can be due to a lack of security training or awareness provided by the organisation or business.

➢ Poor or incomplete training during the on-boarding process.
➢ Unrealistic workload or time pressures during projects.
➢ Poor immediate management and control.

#2 – The careless insider

A careless insider exposes an organisation or business through deliberate negligence. They are familiar with security and information policies; however, they choose to ignore them, either because they are in a hurry or think they are irrelevant.

An extrinsically motivated person that disregards risks or unethical behaviour or abides by the rules.

Watch out for:
➢ High fault rates.
➢ Failure to keep appropriate or accurate records.
➢ Poor management and leadership practices.

#3 – The dynamic insider

A dynamic insider acts by choice rather than pressure, influence, or direction by a third-party organisation or business. They carry out malicious actions and behaviours and may prepare other trusted insiders to assist in their chosen act.
They are usually motivated by financial gain, an ideology, a desire for recognition, compulsive or destructive behaviour, personal circumstances, or disgruntlement.

Watch out for:
➢ Values and standards issues.
➢ Financial hardship or mysterious wealth.
➢ Addictions to gambling, drugs or alcohol.

#4 – The enlisted insider

An enlisted insider is targeted by a third-party organisation or business to exploit their potential, existing or former controlled access. This can be known as grooming. The insider may willingly assist the third-party organisation or business.
Again, they are motivated by financial gain, an ideology, or a desire for recognition. They can also show signs of increased ego and self-image.

Watch out for:
➢ Sudden wealth.
➢ Attempts to access information unrelated to their duties.
➢ Irritation or frustration in the workplace.

#5 – The coerced insider

A coerced insider is targeted by a third-party organisation or business to exploit their potential, existing or former controlled access. The coerced insider cooperates due to pressure from the third-party organisation or business, often due to being threatened with some kind of exposure. These insiders are usually vulnerable to blackmail and have a fear of their secrets being revealed.

Watch out for:
➢ Attempts to access information unrelated to their duties.
➢ Works outside normal hours without authorisation.
➢ Has interest in other areas of the business, outside their scope of work.
➢ Introducing electronic devices into secure work areas.
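
Two of the indicators above, access to information unrelated to duties and working outside normal hours without authorisation, can be checked against access logs. The following is an added example, not part of the original article; the log format, user names, role entitlements, working hours and overtime approvals are all assumed, constructed values.

```python
from collections import defaultdict
from datetime import datetime, time

# Assumed working hours and role-to-resource entitlements (hypothetical values).
WORK_START, WORK_END = time(8, 0), time(18, 0)
ROLE_RESOURCES = {
    "finance": {"ledger", "payroll"},
    "engineering": {"source-repo", "build-server"},
}
USER_ROLE = {"alice": "finance", "bob": "engineering"}
# (user, date) pairs where out-of-hours work was authorised by a manager.
APPROVED_OVERTIME = {("bob", "2024-03-04")}

# Constructed sample access log: ISO timestamp, user, resource.
SAMPLE_LOG = """\
2024-03-04T09:15:00 alice ledger
2024-03-04T23:40:00 alice source-repo
2024-03-04T22:05:00 bob build-server
2024-03-05T10:30:00 bob payroll
2024-03-05T02:10:00 alice payroll
2024-03-05T11:00:00 contractor1 ledger
"""

def review_access(log_text):
    """Return {user: [(timestamp, resource, [reasons])]} for entries needing review."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than guess their meaning
        stamp, user, resource = parts
        when = datetime.fromisoformat(stamp)
        reasons = []
        role = USER_ROLE.get(user)
        if role is None:
            reasons.append("unknown-user")  # no role on record, cannot judge duties
        elif resource not in ROLE_RESOURCES[role]:
            reasons.append("outside-duties")
        in_hours = when.weekday() < 5 and WORK_START <= when.time() < WORK_END
        if not in_hours and (user, when.date().isoformat()) not in APPROVED_OVERTIME:
            reasons.append("unauthorised-hours")
        if reasons:
            findings[user].append((stamp, resource, reasons))
    return dict(findings)

if __name__ == "__main__":
    for user, hits in review_access(SAMPLE_LOG).items():
        for stamp, resource, reasons in hits:
            print(user, stamp, resource, ",".join(reasons))
```

A flagged entry is a prompt for review by a manager or security team, not proof of intent: the same pattern can come from a fortuitous or careless insider as easily as a coerced one.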

The potential risks posed by individuals with authorized access highlight the importance of balancing trust with effective security measures. By implementing a combination of technical controls, policies, employee training, and vigilant monitoring, organisations can mitigate the risks associated with insider threats. It is essential to foster a culture of security awareness, where employees are educated about the potential risks, encouraged to report any suspicious activities, and supported in maintaining a secure work environment. Proactive measures and continuous evaluation of security practices are key to safeguarding valuable assets, protecting sensitive information, and maintaining the trust of customers and partners in an ever-evolving threat landscape.

If you would like to know more about Insider Threat, get in touch with our team of experts to help guide you through the process so that your organisation is better prepared for Insider Threat.
