Insider Threats – Imminent Danger Hidden in Plain Sight
By: John H. Austin, Jr
Organizations, states, and even countries are great about remaining vigilant amid potential attacks from the outside. But harm more often originates from within. So-called “insider threats” are taboo, because it’s easier to look beyond the castle walls than to consider someone in one’s own ranks could do the unthinkable. The domestic assault on the U.S. Capitol this January illustrates the importance of shedding light on this topic.
In preparation for the Presidential Inauguration on January 20, 2021, heightened security in the aftermath of the attack on the U.S. Capitol on January 6, 2021 transformed a historically festive ceremony into a national security event posing a dangerous threat to our country’s peaceful transition of power. The stakes could not have been higher for our nation.
Twenty-five thousand National Guard troops underwent enhanced background investigations by the FBI to identify potential insider threats. As a result of this rigorous process requiring additional checks and verifications, 12 National Guardsmen were removed, though a public reason was not offered. National Guard members routinely undergo background investigations when appointed, but the additional screening examined other factors in response to the elevated risks posed, including those from the COVID-19 pandemic.
The ripple effect on our private sector cannot be overlooked. The precautions taken on Inauguration Day represent new considerations that should be examined to protect an enterprise’s operations. The convergence of crises and our current social climate have created new security risks, meriting close attention at companies and firms. It is now imperative that the private sector take proactive steps to ensure that the risk profile of employees, third-party contractors, and supply chain vendors does not undermine the integrity or safety of a firm’s operations.
The safeguards taken by the military, most notably the Department of Defense, and other government agencies to conduct background checks that assess business conflicts of interest, financial viability, past criminal behavior, and civil liability are examples of the rigor imposed to manage risk in the public sector. Private sector firms and companies can benefit from a re-evaluation of their own risk management protocols to address the challenges of the pandemic and politically divided season.
For employees, contractors, and affiliates with access to competitively sensitive information, IT operations, or who are responsible for the transportation, storage, or destruction of hazardous materials, the control processes needed to manage their risk profile must be as precise and well-structured as possible. As corporate “insiders,” they can damage a company’s operations and reputation permanently.
Cyber-attacks are one area of global concern. They can be devastating. Recently, Russia has been accused of orchestrating a massive breach of government and private sector networks through a sophisticated IT framework facilitating cyber-attacks. These external threats can be replicated by bad actors on the inside of a company or firm as well. They can do just as much damage, if not more.
Insider threats, that is, those security risks that emerge from trusted internal actors or contractors, can be generated by blind spots or deficits within a company’s risk management framework and cyber security.
Those gaps are the foundation for a cyberattack incident that allows employee(s) to compromise the integrity of a computer system to damage, disrupt, or gain unauthorized access to information.
But technology-based attacks are not the only way to enact harm. Employees may commit theft, financial fraud, leak confidential or IP-protected information, or fail to report illegal or unethical behavior by others.
Without a rigorous vetting process for evaluating employees, partners, vendors, and others with proprietary knowledge of systems and procedures, organizations can become victims of devastating security breaches.
Hiring managers and senior executives need to do more to prevent insider threats. They need to broaden and intensify accountability by implementing best practices and best-in-class software throughout the operational ecosystem, from employment to contracting.