A Human-First Approach to Minimizing Insider Threats

By Dale Killinger

Every generation has lived in ‘unprecedented times.’ Why is that? The variables are constantly changing. Currently, there are more than a few factors that can make things even more tumultuous when it comes to assessing the impact of insider threats to your business’s security. But it’s not all bad news, and please don’t panic. There are fundamental considerations we can all take toward understanding the necessary steps for the protection of those financial and intellectual assets critical to business operations. 

The past three years have seen a rise in sanctions and political pressures, waves of recessions, as well as higher employee turnover due to combined forces of instability the business world has been forced to contend with. The attack on the power grid in Moore County, North Carolina, and the leak of information from the Supreme Court show that immediate and impactful information can already be in the wrong hands. According to a recent report, insider threats accounted for almost 35% of all unauthorized access threat incidents in Q3 of 2022. 

In business environments where the presence and origin of genuine insider threats can so easily be masked or subtly misinterpreted, successful mitigation ultimately comes down to the investment and support you put into designing an Insider Threat Program (ITP). 

Many think of ITP design as layers of technical measures and redundancy, such as two-factor authentication, data loss prevention, and other stopgaps – but what’s at the heart of the matter is something much more human – our employees. When you know the risk is real, what can you do about it? 

Get support/buy-in from the right C-level member

A program of this type can only be effective if utilized and supported by the company, meaning you need executive leadership onboard and actively participating. In my experience, the most crucial indicator of a successful ITP is the level at which the executives are engaged. 

The specific title varies. Your chief operations officer or General Counsel are often the best candidates, with broad organizational positioning – allowing for both their administration authority and your ITP to receive the support needed to be most effective.

Recognize a potential threat, make a change

70% of all insider threat cases relate to some kind of financial motive. Understanding the different financial and compensation structures that impact your internal teams is an excellent place to start. At big banks, traders have different financial incentives than most other employees.  The same can be said of many business development executives in a large number of corporations.  Recognizing that disparities in incentive structures may increase risk and taking actions to decrease the likelihood of threats such as bribery, corrupt solicitation, acceptance, or transfer of value in exchange for official action makes sense.

Where most ITPs miss the mark – not understanding culture

In my experience, amongst 90% of the organizations I’ve analyzed, the topic of corporate and/or team culture is never mentioned as context for recognizing and addressing insider threat issues.  Organizations are complex, and the fundamental factors contributing to corporate culture – shared attitudes, values, goals, and practices – are autonomous, yet totally intertwined. An effective ITP incorporates the review of all organizational practices which may be conducive or give rise to increased risk for potential insider threats.   

Such reviews may discover policies that inadvertently benefit one employee group over another, thereby increasing tension within collaborating work groups, such as the financial incentive programs mentioned earlier.  Another example may be circumstances where a designated set of employees has unrecognized, extraordinary access to corporate trade secrets or sensitive intellectual property.  

A successful approach means realigned focus with intent

Effective ITPs are led from the top of the organization, focus on the employees, and leverage technology to provide key support when identifying potential risks, along with a data-driven contextual understanding of the environments in which employees work. 

While you may not think your company is a prime target for insider threat, the conclusive reality for any organization and its shareholders is that catastrophic losses to business operations, infrastructure, human resources, and even customers, including trust in the marketplace, can occur as the result of just a single incident. I have seen firsthand the array and variety of these business impacts on pharma and technology companies with highly sophisticated security models, as well as goods manufacturers and commercial construction firms with vulnerable and limited threat protocols in place. 

In thinking through robust ITP design capabilities, the risks are too great not to be deliberate in the application of resources toward assessing your business’s insider threat needs. Your business is also a micro-society with many participants and contributors in your charge. Take it seriously.

Dale Killinger is a Senior Consultant for Global Data Risk and Retired Special Agent, Federal Bureau of Investigation, where he spent 10 years as a field agent and 7 years heading the Counter-Terrorism Unit in Washington, DC. As a consultant he provides assessments of enterprise-wide employee risk and Insider Threat programs to Fortune 100 companies, as well as designing implementation roadmaps for success. His work spans from enterprise level to in-depth advising on behavioral indicators and model designs for Insider Threat systems. This includes investigations into corporate malfeasance, compliance, and other regulatory issues. Killinger also provides subject matter expertise in support of civil ligation related to the theft of intellectual property. He has investigated all manner of crime, including civil rights violations, crimes against children, bank robberies, white collar crimes and other violations of federal law. Killinger is a certified FBI hostage negotiator and police instructor, and his most notable investigation was the 2004 investigation into the 1955 murder of Emmett Till. He holds certifications as an Insider Threat Program Manager and Insider Threat Vulnerability Assessor from Carnegie Melon University.

Follow Brilliance Security Magazine on Twitter and LinkedIn to ensure you receive alerts for the most up-to-date security and cybersecurity news and information.