Insider Threats: What Are They?

Insider threats pose a danger to every business, regardless of size or industry. Threats can be physical, financial, or reputational in nature, but the end goal is always the same: cause harm to the business. Human Resources (HR) professionals are essential in mitigating and deterring these threats. The Cybersecurity and Infrastructure Security Agency (CISA) recently published a letter outlining the role HR plays in combatting insider threats.

As a central repository for personnel information, HR professionals are likely to identify patterns, behavior, and trends that will help mitigate potential harm to an organization and its employees. 

An insider threat may be a current or former employee, business partner, or contractor who intentionally or unintentionally attacks an organization and its personnel using either physical or cyber-based methods.

An insider threat could be physical violence aimed at personnel or property of the business. The divulging of proprietary knowledge is also an insider threat, especially when the business has trade secrets or other confidential information that gives it a competitive advantage. Insider threats can be the deliberate sabotage of any part of the business: physical assets, personnel, or anything “that impacts an organization’s ability to function through subversion, obstruction, disruption, or destruction.” An extremely prevalent (but not often considered) insider threat comes from cyber security weaknesses; data leaks are a prime example of an insider threat that exposes personal information, while other breaches of cyber security could disclose how an organization’s information technology infrastructure is set up.

Instances of Insider Threats

Taken from CISA’s Human Resources’ Role in Preventing Insider Threats (sourced at the end of this article):

In February 2019, an employee at an Illinois-based factory opened fire on his co-workers after his notice of termination, killing five co-workers, and wounding another employee and five law enforcement officers. The incident, deemed workplace violence by investigators, also found that the perpetrator had a history of domestic assault, which was not revealed by the initial employment screening. 

In June 2018, a lawsuit brought by a major automaker accused a former employee of sabotaging manufacturing operations by stealing trade-secret information that was sent to an unnamed third party and making false statements intended to harm the company. Prior to the alleged actions, the company moved the employee to a different position due to performance issues and combative behavior toward colleagues. This event caused a major disruption to the company’s operations, finances, and reputation. 

In April 2017, a major healthcare insurance coordination service learned that a third-party employee was stealing and misusing thousands of members’ personal sensitive health data, including Social Security information, for more than a year. This incident followed a previous breach that cost the company millions of dollars. 

What Can We Do?

CISA recommends a few different planning strategies to mitigate the risk of insider threats.

  • Prevent: Tackling insider threats begins before the threat is an “insider.” Pre-employment screening plays a significant role in preventing these threats from materializing. HR professionals must take the steps to filter out potentially dangerous candidates. Verifying the accuracy of a resume, checking references, and running background checks are all ways threats might be spotted before becoming a company issue.
  • Recognize: HR professionals should keep up with current employees to ensure the risk of insider threats is minimized. They can do so by conducting routine training and awareness seminars that shed light on the threats most people do not often think about. They can also communicate clear organizational goals and policies to their employees to ensure all employees are familiar with company rules. Creating a culture of shared responsibility, connection, and respect will motivate employees to contribute to the bigger picture – something everyone is a part of. When employees do not feel like “just a number,” the threat of insider action is greatly reduced.
  • Monitor: Post-termination or separation from the company is often when radicalized insider threats come to light. Delivering the notification of termination discreetly, respectfully, and in a manner that reduces the likelihood of embarrassment must be the first step. HR professionals can then conduct exit interviews to gauge how the employee might act after their last day of employment. They can also create a procedure to notify other employees when someone has been terminated; coworkers may raise concerns about the terminated employee after learning of the separation.

If you would like to read more about insider threats and how to mitigate them, visit CISA’s Insider Threat page here.

All information sourced in this article can be found here.

The scene from an Illinois factory shooting that left five dead and five police officers injured. The shooter was a disgruntled employee who was recently terminated.