Insider Threat

Developing a security culture within an organization is about encouraging staff to respect common values and standards for security, whether they are inside or outside the workplace.

An Insider Threat is a person who exploits, or intends to exploit, their authorized access to an organization’s assets for unauthorized purposes. An insider is someone who (knowingly or unknowingly) misuses authorized access to commit a malicious act or damage their employer. These days, most insider acts involve IT exploitation, termed “Cyber Insider”.

An employee of an organisation knows the workplace and can move within the environment freely. An insider could be a full-time or part-time member of staff or a business partner.

Recommendations

  • Review your insider threat programme and expand the entire process into a well-managed operation. Ensure the programme includes behaviour awareness, mental health awareness, operational deterrents, security challenges, audits, and continuous personnel vetting.

  • Implement a comprehensive, community-wide 'eyes and ears' reporting method so that suspicious and out-of-place activity is exposed, maintaining a high deterrent factor through the programme's use of security and law enforcement interaction and investigation.

  • Provide confidential, but not anonymous, methods for personnel to report concerns. Establish a risk assessment process for the information, with actionable outcomes.

  • Create 'red teams' to test insider threat mitigation, carry out audits and review effectiveness.

Review the CSBP Preview Guide

CSBP Guide in EN & ES