Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
ManagementPhysicalSecurity Leadership and ManagementPhysical Security

Insider Threat: Why Physical Security Still Reigns

Cybersecurity gets much attention, yet physical security and investigations are still a key element in enterprise security, particularly with insider threats

By Diane Ritchey
Insider Threat: Why Physical Security Still Reigns - Security Magazine
May 1, 2018

Cyber, cyber, everywhere. Not a day goes by without some discussion, news item, or update about cybersecurity. Strong passwords, encryption, network patches, data breaches and more. The severe effects of data breaches have forced Boards of Directors and enterprise security to devote significant time and resources to mitigating the issue.

With all of the attention placed on cybersecurity, where has physical security gone? Have we gotten too far away from the basic “blocking and tackling” that enterprise security is built upon, which has enabled it to effectively reduce risk within the enterprise? Do Boards of Directors still understand the critical role that physical security still plays in the enterprise?

“I think the reason for the focus on cyber is because, at the boardroom level, it’s perceived as the much more significant risk than routine things like the theft of a wallet from the workspace or a trespasser,” says Jeff Berkin, Senior Vice President and Chief Security Officer for CACI. “Of course, those events do typically involve some kind of response by security, and perhaps an investigation as well. But they’re not really considered to rise to the level of a Board-level risk. So I think that’s why you’re seeing that focus now on cyber and on insider threat, particularly in the defense sector.”

Jeff Berkin, Senior Vice
President and Chief Security Officer for CACI - Security Magazine

“I think the reason for the focus on cyber is because at the boardroom level, it’s perceived as the much more significant risk than routine things like the theft of a wallet from the workspace or a trespasser,” says Jeff Berkin, Senior Vice President and Chief Security Officer for CACI. Photo courtesy of Jeff Berkin

Yet, Berkin acknowledges that smaller incidents could be signs of more potentially damaging incidents, particularly with insider threats.

“I think that’s all part of the whole notion of workplace violence prevention and the insider threat issue being sort of being multifaceted. That is, we often think of insider threat as occurring in the context of a theft of information, of data or confidential information. But it can also be the person with access to your facilities or premises who causes physical harm. And then we typically start to characterize that more in using language around workplace violence rather than insider threat. Yes, I think that small incidents can often be indicators of stresses that might lead to bigger problems down the line if they’re not addressed early. But overall, the reason that cybersecurity gets so much play is because I think that’s where the Board sees the highest headline risk and the greatest potential impact on a stock price. Insider threat is right up there, as well, and the publicity can be terrible if one of your own people does something that ends up in the newspaper.”

“It is interesting how much weight cyber is getting with the amount of investigations that we do,” adds Stan Borgia, Vice President, Corporate Security for Rolls-Royce North America Inc. “Employees are still taking print documents out of enterprises, and that requires an investigation. In almost every single investigation of an insider threat that we have seen, hard copy evidence is found to have been taken.” he says.

Borgia cites the case of former Rolls-Royce Corporation employee, Dr. Mozaffar Khazaee, who pled guilty and was sentenced to serve eight years in federal prison in October 2015 for stealing and attempting to send sensitive and export-controlled technical data on the F-35 Joint Strike Fighter jets to his native country, Iran. Dr. Khazaee admitted that his intention was “…transferring my skill and my knowledge to my nation.” Dr. Khazaee worked variously for General Electric, Rolls-Royce, and Pratt & Whitney. When he was arrested boarding a flight to Iran, he had sensitive Rolls-Royce export-controlled hard copy documents in his possession. Federal authorities also found Dr. Khazaee attempted to smuggle documents and electronic storage devices relating to the Joint Strike Fighter program and other controlled information to Tehran.

“I prefer that companies take an approach where they treat their employees well and employees understand that misbehavior hurts not only themselves, but also their colleagues.”

Borgia, who reached the level of Deputy Assistant Director Counterintelligence and served as the acting Director of Intelligence and Counterintelligence at the Department of Energy’s nuclear establishment during his career with the FBI, gained significant experience in defending the nation’s critical secrets. At Rolls-Royce, his vast investigative experience, including interviewing persons suspected of potential criminal behavior, is essential to developing prosecutable evidence in a case.

In more than one investigation involving the possible theft of highly sensitive information, successful interviews of suspect employees have resulted in the swift recovery of documents and external electronic storage devices beyond those discovered by forensic analysis.

It is common across the industry, where employees may feel a sense of “ownership” of information and work-product related to projects to which they have been assigned. Conversely, individuals who have gained insider access to highly sensitive information sometimes steal material to which they have no claim at all.

In either case, Borgia notes the purpose of information theft is almost always to support the ambitions of the perpetrator, while the information owner stands to lose in the competitive marketplace, or the loss may compromise U.S. National Security interests.

“Insider threat is the misuse of authorized access,” Berkin adds. “People are given access to do their jobs. Sometimes they’re given excessive access, access they don’t really need, which is a problem area. But the problem for us occurs when someone takes that authorized access and turns it to an unauthorized purpose. And we would anticipate seeing that sort of thing when, for example, people might be leaving employment under any set of circumstances. Whether they’re being terminated voluntarily or involuntarily they might choose to take proprietary information with them that they think will advantage them in a new role. Or if they don’t already have a new role, they might think it will make them more marketable. Or perhaps they’re going to start their own business, and they want to rely on information that is properly the property of the company that employed them. We also look to events that might become criminal activity, such as the example of people who are significantly delinquent in their corporate credit cards. They may pay their personal bills with a corporate credit card because they don’t have access to credit themselves because they’re in financial distress. Eventually they may be able to pay it back. But there’s certainly a risk to the company. The advantage of looking at those kinds of incidents is that a progressive company might look at these things as an opportunity to assist the employee before things really go off the rails.”

 

Investigative Skills and Tools

Borgia and Berkin both stress the importance of having specialist staff and teams with investigation skills to conduct the correct investigations necessary to mitigate insider threat actions.

“Insider threat and counterintelligence is a pretty specialized area,” Berkin says. “It benefits from staff who have worked those kinds of issues, typically in government because that’s where you normally find the investigative response in the FBI and in the military service counterintelligence agencies. Professionals with that kind of background understand how hostile intelligence services and other adversaries function. And consequently, they know what sorts of indicators to look for. And they also are typically trained and experienced investigators and interrogators, which are not skills that necessarily are present in other types of staff.”

Stan Borgia,
Vice President, Corporate Security for Rolls-Royce North
America Inc. - Security Magazine

“It is interesting how much weight cyber is getting with the amount of investigations that we do,” notes Stan Borgia, Vice President, Corporate Security for Rolls-Royce North America Inc. “Employees are still taking print documents out of enterprises, and that requires an investigation. In almost every single investigation of an insider threat that we have seen, hard copy evidence is found to have been taken.” Photo courtesy of Stan Borgia

One tool to mitigate insider threat that Berkin suggests is Employee Assistance Programs that include financial counseling or other forms of assistance to help people overcome whatever issues they’re facing. “What we don’t want to have happen is that people start to see that they have no alternative but to act badly to save themselves from whatever their situation is,” he says. “We don’t want that to progress to the point where our range of options becomes very, very limited.”

Other key elements to a comprehensive insider threat program, according to Berkin, include not only educating the workforce on what behaviors are acceptable and which aren’t, what to look for and how to report, but also consist of getting to know employees and what’s going on with them that might reflect on their propensity to do something untoward.

“Most companies these days do pre-employment screening,” Berkin notes. “But that’s a single snapshot in time. So an evolving trend in industry is to monitor employees on an ongoing basis. Any one of a number of services are available, which will notify the company if an employee is arrested, declare bankruptcy or if they have a lien placed on their assets. None of those things by themselves are necessarily disqualifying for employment at all. But they might be indicators that an employee is under stress or is getting themselves into a position where they might benefit from helpful and supportive intervention. That information can also be a useful adjunct to an investigation which has already been started based on something else with predication. It might give some insight and help an investigator understand the totality of the situation and construct an interview strategy that is more likely to be successful later on. But my philosophy is that detection is a late-stage intervention. And I prefer that companies take an approach where they treat their employees well and employees understand that misbehavior hurts not only themselves, but also their colleagues and their employer.”

“Most companies these days do preemployment screening, but that’s a single snapshot in time.”

Borgia says that continuous monitoring via physical security and IT security is vital in addressing threats to the enterprise posed by malevolent persons who gain insider access by any means. In his experience, a risk-based security plan tailored to place emphasis on sensitive programs, while focusing mitigation efforts around critical assets, works best. The Rolls-Royce Security team utilizes a collaborative model, partnering internally with Supply Chain, Human Resources, Strategic Export Control, Legal-Ethics-and-Compliance, and Information Technology functions to maximize internal resources and efficient information-sharing.

The importance of training programs, particularly for those employees with access to the most sensitive information, also cannot be overestimated. Borgia states: “We want employees to understand the techniques and trade-craft that hostile intelligence agents may use. These techniques may include soft personal introductions, often at trade shows or conferences, to the daisy chain of recruitment in which an intelligence agent induces the in-place defection of a trusted insider to betray the trust of the company.”

Borgia also credits success in both exposing and responding to the security threat to industry, to the Department of Defense, Defense Security Service (DSS), the Department of Homeland Security, and the FBI. He says, “…the law enforcement and intelligence communities are essential partners in our efforts to defend industry against tradecraft perpetrated by hostile intelligence collectors.” Borgia recognized DSS as a valuable partner to the defense industry where they are engaged in advances in the design and development of strategic threat analysis planning and new focus measures addressing risk to critical defense programs.

Suspicious online activities in industry, including abnormal of irregular information loading or downloading of emails with attachments, are key factors in identifying possible insider threats. Borgia recognizes, “Behavioral analysis is a very important tool. We are fortunate to have tools available to examine online activities to help us identify when there is a deviation from the norm. It is interesting –employees sign non-disclosure agreements and are educated about their obligation to protect the company’s information, but usage analysis exposes an insider’s intentions to betray that trust. ”

Employee “buy-in” is tremendously important in addressing security threats. Borgia notes, “Rolls-Royce employees are credited with alerting Corporate Security in more than 70 percent of our insider-threat cases that have resulted in action taken by the company or law enforcement.” Long-term analysis confirms that, “a strong security culture results in reduced risk.” Rolls-Royce fosters a security culture based on personal engagement on the part of employees at all levels, to include the direct support of corporate executive management, including the President and CEO and the Government Security Committee.

Overall, says Berkin, “I think sometimes insider threat actors can become so egocentric; caught up in their own concerns and looking for a way out that the adverse impact to their employer and to their co-workers perhaps isn’t really considered or is viewed just as incidental. Where a company has a really good employee assistance program and employees know that if they have issues or concerns they can go to their manager or they can go somewhere else, that the company cares about them; there’s at least the potential for intervention before misconduct even occurs.”

KEYWORDS: data theft employee theft insider threats Intellectual Property internal investigations loss prevention security investigations

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Diane 2016 200

Diane Ritchey was former Editor, Communications and Content for Security magazine beginning in 2009. She has an experienced background in publishing, public relations, content creation and management, internal and external communications. Within her role at Security, Ritchey organized and executed the annual Security 500 conference, researched and wrote exclusive cover stories, managed social media, and authored the monthly Security Talk column.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Leadership and Management
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Leadership and Management
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity Education & Training
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security’s 2025 Women in Security

Security’s 2025 Women in Security

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

blurry multicolored text on black screen

PowerSchool Education Technology Company Announces Data Breach

2025 Security Benchmark banner

Events

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

What do zebras, school groups and high-tech surveillance have in common? They're all part of a day’s work for the security team at the Toledo Zoo.

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Boeing - Dave Komendat - Security Magazine

    Mitigating the Insider Threat: Boeing's Successful Approach

    See More
  • The Danger Within: Confronting the Insider Threat

    The Danger Within: Confronting the Insider Threat

    See More
  • Security Talent Gap

    Why the Security Talent Gap Is the Next Big Crisis

    See More

Related Products

See More Products
  • physical security.webp

    Physical Security Assessment Handbook An Insider’s Guide to Securing a Business

  • Physical-Security-and-Envir.gif

    Physical Security and Environmental Protection

  • Physical-Security-and-Safet.gif

    Physical Security and Safety: A Field Guide for the Practitioner

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing