Insider Threats – Imminent Danger Hidden in Plain Sight

By: John H. Austin, Jr

Organizations, states, and even countries are great about remaining vigilant amid potential attacks from  the outside. But harm more often originates from within. So-called “insider threats” are taboo, because  it’s easier to look beyond the castle walls than to consider someone in one’s own ranks could do the  unthinkable. The domestic assault on the U.S. Capitol this January illustrates the importance of shedding  light on this topic. 

In preparation for the Presidential Inauguration on January 20, 2021, heightened security in the aftermath  of the attack on the U.S. Capitol on January 6, 2021 transformed a historically festive ceremony into a  national security event posing a dangerous threat to our country’s peaceful transition of power. The stakes  could not have been higher for our nation. 

Twenty-five thousand National Guard troops underwent enhanced background investigations by the FBI  to identify potential insider threats. As a result of this rigorous process requiring additional checks and  verifications, 12 National Guardsmen were removed, though a public reason was not offered. National  Guard members routinely undergo background investigations when appointed, but the additional  screening examined other factors in response to the elevated risks posed, including those from the  COVID-19 pandemic.  

The ripple effect on our private sector cannot be overlooked. The precautions taken on Inauguration Day  represent new considerations that should be examined to protect an enterprise’s operations. The  convergence of crises and our current social climate have created new security risks, meriting close  attention at companies and firms. It is now imperative that the private sector take proactive steps to ensure  that the risk profile of employees, third-party contractors, and supply chain vendors do not undermine the  integrity or safety of a firm’s operations. 

The safeguards taken by the military, most notably the Department of Defense, and other government  agencies to conduct background checks that assess business conflicts of interest, financial viability, past  criminal behavior, and civil liability are examples of the rigor imposed to manage risk in the public  sector. Private sector firms and companies can benefit from a re-evaluation of their own risk management  protocols to address the challenges of the pandemic and politically divided season. 

For employees, contractors, and affiliates with access to competitively sensitive information, IT  operations, or who are responsible for the transportation, storage, or destruction of hazardous materials,  the control processes needed to manage their risk profile must be as precise and well-structured as  possible. As corporate “insiders,” they can damage a company’s operations and reputation permanently.  

Cyber-attacks are one area of global concern. They can be devastating. Recently, Russian has been  accused of orchestrating a massive breach of government and private sector networks through a  sophisticated IT framework facilitating cyber-attack. These external threats can be replicated by bad  actors on the inside of a company or firm as well. They can do just as much damage, if not more. 

Insider threats, that is, those security risks that emerge from trusted internal actors or contractors can be  generated by blind spots or deficits within a company’s risk management framework and cyber security. 

Those gaps are the foundation for a cyberattack incident that allows employee(s) to compromise the  integrity of a computer system to damage, disrupt, or gain unauthorized access information. 

But technology-based attacks are not the only way to enact harm. Employees may commit theft, financial  fraud, lead confidential or IP-protected information, or fail to report illegal or unethical behavior by  others. 

Without a rigorous vetting process for evaluating employees, partners, vendors, and others with  proprietary knowledge of systems and procedures, organizations can become victims of devastating  security breaches.  

Hiring managers and senior executives need to do more to prevent insider threats. They need to broaden  and intensify accountability by implementing best practices and best-in-class software throughout the  operational ecosystem, from employment to contracting.