Preventing Insider Threats: The Power of Reporting and Early Detection

Learn how improved reporting by peers, family, and social contacts can help prevent insider attacks and protect your organization’s IT systems and data.

Insider threats can pose a significant risk to an organization’s IT systems and data. These threats can come from current or former employees, contractors, or business partners who have authorized access to an organization’s systems and data. According to a study by Randazzo et al. (2004), improved reporting by peers, family, and social contacts could have prevented many insider attacks. In this article, we will discuss the findings of the study and encourage organizations to develop their insider threat programs.

The study found that 80% of insider subjects raised official attention for concerning behaviors such as tardiness, truancy, arguments with coworkers, and poor job performance. In 97% of these cases, supervisors, coworkers, and subordinates were aware of these issues. This indicates that there were many opportunities for intervention before the insiders escalated their adverse behaviors.

The study also found that in 37% of the total cases, the insiders’ attack planning activity was noticeable by online (67%) or offline (11%) behavior, and in some cases, both online and offline (22%) behavior. In addition, in 31% of the cases, others had specific information about the insiders’ plans, intentions, and activities, including coworkers (64%), friends (21%), family members (14%), or someone else involved in the incident (14%). These findings highlight the importance of monitoring and reporting suspicious behavior, both online and offline.

Another important finding of the study is that 58% of the insiders in this study communicated negative feelings, grievances, or an interest in causing harm to the organization. 39% communicated negative feelings about the organization or an individual in that organization, or another individual, and 69% communicated these negative attitudes to someone outside the organization. In 20% of the cases, the insider made a direct threat to harm the organization, or an individual, to persons not directly involved in the issues. These findings indicate that organizations should pay attention to any negative communication or threats made by insiders, whether they are made internally or externally.

In order to prevent insider threats, organizations should develop a comprehensive insider threat program. This program should include the following elements:

1. Awareness and training: Organizations should educate employees about the risks of insider threats and how to report suspicious behavior.
2. Monitoring and detection: Organizations should monitor and detect suspicious behavior, both online and offline. This can include monitoring network activity, access to sensitive data, and physical security.
3. Incident response: Organizations should have a plan in place for responding to insider threats. This plan should include steps for investigating the incident, containing the damage, and preventing future incidents.
4. Recovery and remediation: Organizations should have a plan in place for recovering from an insider threat incident. This plan should include steps for restoring systems and data, and for addressing any legal or regulatory issues.
5. Continuous improvement: Organizations should regularly review and update their insider threat program to ensure that it remains effective.

In conclusion, the study by Randazzo et al. (2004) highlights the importance of improved reporting by peers, family, and social contacts in preventing insider attacks. Organizations should develop a comprehensive insider threat program that includes awareness and training, monitoring and detection, incident response, recovery and remediation, and continuous improvement. By taking these steps, organizations can reduce the risk of insider threats and protect their IT systems and data.

 

Don’t wait until it’s too late. Protect your organization from insider threats by developing a comprehensive insider threat program. Contact Cleard Life to discuss how we can help you create an effective insider threat program.

Take action today and secure your organization’s IT systems and data.

Personnel security is fundamental to good business.

Show me Evidence of your Insider Threat Program (ITP).

Why Should Businesses Use A Managed Personnel Security Services Provider? MPSSP vs MSSP