Noah Price – Insider Threats: The Risks Employees can Pose

Noah Price - G4S HeadshotIn his second blog for Infologue.com, Noah Price, G4S Academy International Director, provides an overview of the risk employees can pose to organisations and how companies can prevent them.

With insider threats on the increase, G4S Academy International Director Noah Price explains the risks and threats employees can pose to an organisation and how to prevent them.

If asked to describe a physical security breach that can impact a company, most people would think of an external criminal intent on harming an organisation. But what if the attack comes from within? Perpetrated by someone you should be able to trust?

Insider threats are a serious security risk that every business must prepare for. Failing to do so could be reputationally or financially damaging. According to G4S’s first-ever World Security Report, internal threats are expected to increase next year, with 92% anticipating their company will be targeted.

What is an insider threat?

An insider threat is carried out by someone who exploits their ‘authorised’ access for ‘unauthorised’ purposes.

The employee, subcontractor or someone permitted to work within your organisation can get their hands on confidential or sensitive information, data or communications. They may then hold the organisation to ransom in order to return what they have stolen, they may leak the information into the public domain, or they may choose to sell the stolen material to a third party or hostile state.

Types of insiders.

Threat actors who commit an insider threat are usually classified as a ‘knowing insider’ or an ‘unknowing insider’. A knowing insider is someone who deliberately uses their access on purpose to cause harm. They are often motivated by financial gain. Or, sometimes they are stealing company data to gain a competitive edge for a new venture or may be disgruntled. Usually, they are a lone wolf who acts on their own without any other influences. For example, a system administrator or database admin may abuse their high level of privilege. They could access valuable items, sensitive information or money. This is often difficult to prevent.

This person could be someone the company once trusted with sensitive information and access. But something happened to make this employee feel disgruntled and aggrieved. They may feel like they need to get “get even”, due to unfair termination, a lack of recognition or some other slight. Or, they may be someone who suddenly finds themselves in difficult circumstances in their personal life.

An unknowing insider is someone who may not fully understand what they are doing, or becomes an Insider threat by mistake. An example could be an employee who forgets to log out of their work account on a public computer; leaving it vulnerable for others to access. Or, someone who accidentally loses a flash drive or classified papers that contain sensitive information.

It’s easier than you think to mistype an email address and send sensitive information to the wrong person. Unknowing insiders can also be unaware that they are being taken advantage of by others. They might download malware, give information to scammers or click on a link in a phishing email.

Insider threats data.

Concerningly, internal threats are increasing. 89% of CSOs say their company experienced some form of internal threat in the last 12 months according to the World Security Report; this is expected to increase to 92% in the year ahead.

Misuse of company resources or data is the most common internal threat, with 35% having experienced this, followed closely by leaking of sensitive information at 34%. This threat is expected to become the biggest internal threat in the next 12 months.

Misuse of company resources or data has the strongest correlation with implementing more effective security.  This was the internal incident most likely to drive companies to improve their security in the last year.

Unauthorized access to company resources or data, industrial espionage and intellectual property theft are all expected to increase in the next year. Perceived financial gains may entice a company employee to share confidential information in exchange for payment.

 Insider threat case studies.

Insider threats make headlines; news outlets regularly report on high-profile or unusual incidents – which can damage a brands reputation in the media, with customers and stakeholders.

The British Museum announced in August 2023 that up to 2,000 objects from its storerooms were missing, stolen or damaged. An employee was dismissed and the police are investigating.

A European news site reported in March 2024 that sensitive files of top law enforcement officials at Europol had gone missing, sparking a crisis. Politico reported that “a clutch of highly sensitive files containing the personal information of top law enforcement executives went missing last summer. They were supposed to be under lock and key, in a secure storage room deep inside Europol’s headquarters in The Hague.”

How to prevent an insider threat?

Fostering a culture that combines security awareness alongside up-to-date equipment and technology is the best preventative measure.

Employees should be regularly trained to identify phishing attempts and suspicious behaviour, as well as reminding them of data security protocols. They should also only have the access they need to certain documents and areas of a building.

Additionally, implementing strong access controls restricts digital and physical theft or leakage. Ideally, access controls should be enhanced with surveillance technology. When employees know the cameras are on them, it’s harder to do anything deceitful. Cameras can also help with the issue of people using each other’s access cards. The CCTV footage will show who actually entered any specific area, and exactly what they did there. CCTV will never be enough by itself, but should be part of a full security system and monitored by a well-trained team.