The 3 types of insider threat

By Jeffrey R. Jones and Ryan Averbeck, CSO |  Security

Why does your competitor have your latest research or financial figures? It must be an insider -- or is it?

Before the digital revolution, security professionals were kept awake at night worrying about the potential threat posed by an untrustworthy member of their organization. Commonly referred to as the "insider threat," this person possibly had privileged access to classified, sensitive or propriety data; providing the insider a unique opportunity, given his or her capabilities, to remove information, predominately in paper form, from the facility and transfer it to whomever they desired.

See also: Are you an insider threat?

Over the years, extensive knowledge has been accumulated on ways to identify and counter the insider. Centuries of experience indicates that insiders are mainly motivated to steal information for money, ideology, ego or due to coercion. Through understanding these motivations, personnel security programs were established to help identify employees who may be potential insider threats. For instance, if an employee in serious financial debt is determined to be vulnerable to one of these motivations, then the security professional may deem it best, with the Commanders approval, to temporarily suspend their access to sensitive information.

The insider in previous days could do great harm to an organization. However, research and tools were developed to help mitigate the threat. Primary controls revolved around the previously mentioned personnel security measures, physical security measures such as storing the information in a safe, and procedural mechanisms such as establishing access to information based upon a "need-to-know" basis. These safeguards helped make it more difficult for an insider to steal documents.

While protecting sensitive information in paper form is still a daunting task for security professionals, today is different as the previously one-dimensional insider threat now has three dimensions. Though there are many areas to consider when discussing the insider threat (i.e. mergers, acquisitions, supply chain interaction, globalization), there are three classes of insiders: trusted unwitting insider, trusted witting insider and the untrusted insider.

Originally published on CSO |  Click here to read the original story.
Join us:






Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Ask a Question