Introduction

It’s all too easy to focus on fortifying our organisations to external threats. Too often, harm stems from within.

When it comes to ensuring security and integrity, few organisations can overlook the importance of understanding insider threats. Originating from individuals with authorised access and insider knowledge, insider threats adversely impact an organisation’s people, facilities, information, and systems.

At the extreme end of the spectrum are the threats posed by hostile state actors or organised crime groups, both seeking to infiltrate, recruit and exploit insiders to progress their malicious aims. Alternatively trusted individuals in a wide range of organisations may resort to committing harmful acts, either for criminal financial gain or a sense of disgruntlement, such as a grudge against colleagues, management, or leadership. Other scenarios featuring malicious insiders can include predatory or coercive behaviour with a sexual motive either aimed at colleagues, service users or the wider public.

Finally, insider risks can emanate from more mundane factors such as poor security awareness or data handling standards, resulting in accidental data breaches or loss of sensitive assets and information where there is no malicious intent, but the outcomes are equally severe. All these insider threat vectors have consequences that reach beyond organisational boundaries, affecting public confidence in essential services and the economy and causing potential harm to public institutions or critical national infrastructure (CNI).

Tackling this complex challenge calls for a practical yet strategic approach to threat detection, management and critically prevention. This is no small feat, but by better understanding how insider threats manifest, organisations can better defend against them.

In recent Insider Threat community event, Clue gathered insights from 20 investigations and intelligence professionals from a range of organisations including corporates, policing and wider law enforcement, government and CNI. This report aims to provide an overview of Insider Threats while exploring some of these expert perspectives.

The risk of malicious insiders

Perhaps what comes to our minds first when we think of insider threats, are individuals acting intentionally to harm an organisation. Motivations might be for personal gain or seeking retribution for personal grievances. Their actions may range from leaking sensitive information or stealing intellectual property and proprietary information with the hope of financial gain or advancing their careers. Other intentional insider threats include harassing colleagues, perpetrating violence, or sexually predatory behaviours.

A subset of this, namely collusive insider threats, involve individuals collaborating with external actors, such as nation states or Organised Criminals Groups (OCGs). This may be willingly or because of exploitation based on a vulnerability that the external actor has identified and used as leverage. These nefarious collaborations may result in substantial compromises to the organisation, for example cybercriminals recruiting insiders to facilitate fraud, intellectual property theft, espionage, or a combination of malicious activities.

Furthermore, third-party threats introduce an additional layer of risk, involving contractors or vendors with granted access to an organisation’s facilities, systems, networks, or personnel. These threats, whether direct or indirect, underscore the importance of considering external entities that enjoy the access privileges equivalent to employees, that may pose risks to an organisation’s security.

The impact of technology

The intersection of technology and insider threats introduces a complex landscape of challenges for organisations striving to safeguard their assets. Organisations are increasingly alarmed by the rapid advancements in technology, as each innovation introduces new vulnerabilities that malicious insiders may exploit.

According to our respondents, a notable concern lies in information leakage facilitated by social media platforms. Employees, often unknowingly, become unwitting sources of information leakage as they share sensitive details, inadvertently providing malicious actors with valuable data or exposing vulnerabilities that can be exploited to corrupt an insider. Phishing and social engineering, two common tactics employed by cybercriminals, find fertile ground in the realm of social media. These platforms become arenas for gathering intelligence, allowing attackers to launch targeted phishing attacks by exploiting the trust and relationships built within these online communities.

Meanwhile, data breaches are often associated with insider threats. Unauthorised access to sensitive data is a pervasive concern, particularly with the growing reliance on digital platforms and cloud services. The potential for both intentional and unintentional data breaches looms large, underscoring the critical importance of implementing robust cybersecurity measures and proactive strategies to counteract the evolving technological facets of insider threats.

Fortifying organisational integrity

Not all insider threats are malicious – many are unintentional. But this doesn’t mean they should not be addressed with the same level of scrutiny. Stemming from inadvertent actions rather than malicious intent, these threats pose a unique challenge for organisations.

Education and engagement initiatives stand as the first line of defence. Organisations must invest in comprehensive security awareness programmes to educate employees about the risks associated with social media use and technology. Training programmes play a crucial role in raising awareness and empowering employees to recognise and report potential threats. Clear policies and guidelines on social media use, coupled with consequences for violations, are indispensable. Monitoring tools can further help enforce these policies and detect suspicious activities, providing an added layer of protection against unintentional threats.

Organisational culture is a key factor in mitigating unintentional insider threats. A positive and inclusive culture, where ethical behaviour is not only encouraged but also rewarded, serves as a powerful deterrent. Management support is crucial in fostering such an environment. Engaged and supportive leadership sets the tone for acceptable behaviour and ensures that potential threats, even unintended ones, are promptly addressed.

Discussions with our Insider Threat community surrounding social media underscore the need for a nuanced approach. As younger generations migrate to new platforms, organisations grapple with understanding and addressing evolving social media landscapes. Education becomes pivotal in helping individuals comprehend the impact of their posts, especially considering the visibility of shared media to a wider audience.

Conclusion

This report sheds light on the multifaceted challenges posed by insider threats, urging organisations to recalibrate their security focus beyond external adversaries.

Whether stemming from intentional malice, collusive, coerced, exploited, or inadvertent actions, the impact of insider threats permeates organisational boundaries, affecting public confidence and posing potential risks to our economy and national security.

Addressing these challenges necessitates a strategic approach, as highlighted by insights from our Insider Threat community, emphasising the need for nuanced understanding, rigorous approaches to vetting, developed capabilities to detect and investigate, adaptive security measures, and a positive organisational culture.

Education, engagement, and proactive management support are pivotal in fortifying organisational integrity against both intentional and unintentional insider threats, laying the groundwork for resilient security practices in a complex, evolving threat landscape.

Learn more about Clue for Insider Threats and book a consultation with our Director of Intelligence and Investigations, Matt Horne.