Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity Leadership and ManagementLogical SecuritySecurity & Business Resilience

4 ways to identify and prevent insider threats

By François Amigorena
employee works on computer
May 18, 2022

Risks abound in the current cyber threat landscape. While it’s tempting to focus on the many external threats, now is not the time to lose sight of insider threats.

Can the information technology (IT) team identify common motivators and risk factors? Most importantly, can security leaders answer this question: are employees the best defense or weakest link in the fight against insider threats? Organizational cybersecurity depends on getting this answer right.

#1: Acknowledge the risk 

Ideals about employee loyalty fall apart in the face of cold, hard statistics. Over the past year, a staggering 94% of organizations experienced an insider breach. Of those, human error was the root cause (84%). But of the 16% of breaches that weren’t caused by error, 66% originated from a malicious leak. Concerning? Yes, especially when the same study reports only 28% of IT leaders are worried about “intentionally malicious behavior” as a potential cause of an insider breach. Add to that, 23% of employees surveyed think it’s fine to take company data with them to a new job (which can have dramatic consequences, as seen in the high-profile trial against two former GE employees). There’s clearly a disconnect between reality and perception of the danger of insider threats — one that puts organizations at risk. 

#2: Learn to recognize potential inside actors 

After acknowledging the risk, the next step is to anticipate where an insider threat might come from. By definition, an insider threat means that the actor has either internal or remote access, bypassing the system’s firewall or other network defenses. These insiders are often employees, but they can also be business partners, contractors or vendors. Anyone who has access to the network from inside can sabotage your security, misconfigure the system to allow data leaks, or commit IP theft or fraud. 

#3: Identify what drives an insider threat

What motivates an insider threat? The exact answer depends on an organization’s industry, size and IT infrastructure. Yet a few motivators appear time and again across industries and company sizes. Here are a few of the most common drivers of an insider threat.

Human error

Most of the time, insider threat actors have no malicious intent. They’re simply careless or neglect to follow security protocols. Or, they aren’t aware that their actions can compromise security (as we see often in non-technical roles). 

Confusion about cybersecurity responsibility

Confusion about who exactly is responsible for cybersecurity is common. IT leaders know how hard it is to get users to take responsibility for the role they play in data security. Then, there’s the reality that some users need more convincing than others. Cybersecurity leaders can best prevent insider threats when management leads by example, encouraging all employees to take ownership of IT security. 

Malicious intent

A malicious insider usually has one goal: to gain from exploiting or sharing company data. Maybe they’re a disgruntled employee who just got fired or passed over for a promotion. Or maybe they simply don’t like the company or person responsible for cybersecurity. IT leaders shouldn’t work in a silo; it’s important to keep a pulse on what’s going on in the company.

Conscientious objection

Organizations in industries like defense, intelligence or critical infrastructure also face additional risks. In some industries, the employee you trust with sensitive information could be a spy. And high-profile cases of whistleblowers sharing sensitive information with regulatory bodies or even the public exemplify insider threats. 

#4: Monitor risk factors

While motives are tricky to identify, especially for busy IT teams, risk factors are often easier to spot. Let’s take a look at a few of the most common. 

User behavior

IT administrators should be on the lookout for suspicious user behaviors, like employees who: 

  • Log in at unusual times or from unusual locations
  • Access applications or systems for the first time
  • Copy large amounts of information
  • Badge into work at unusual times

Level of access

Next, look at who has the highest level of access in the organization: the IT administrator. Consider the risks of employee threats at every access level. For example, if an IT administrator is let go and decides to use their access privileges to threaten the organization, they hold the access and knowledge to execute a severe threat. Insider threats like these can bankrupt smaller organizations and heavily damage the reputation of larger ones. In other words, “watch the watchers.”

Remote work

As more teams go hybrid or fully remote, insider threats increasingly originate from outside the network. Why? It’s easier for hackers to access devices offsite, especially if employees use their own devices. But even if remote employees use only company-issued devices, remote work opens a Pandora’s Box of risk:

  • What if the device gets lost or stolen?
  • Can the organization remotely wipe all devices?
  • Has the cybersecurity team educated employees to minimize careless user behavior (like leaving the laptop unattended at a coffee shop)? 

The IT team should mandate same security software and protocols for remote devices as they do for onsite devices.

Stop insider threats before damage is done

Identifying an insider threat or risk factor isn’t easy, but knowing what to look for and developing an alert security posture is the first step. Because if the security team doesn’t, the consequences of an insider attack (data loss, service outage, penalties and reputational damage) can sink even successful companies.

In a world where insider threats are increasingly common, the question is not so much whether employees are a weakness or not, but what security measures can secure the network from attack? When it comes to insider threats, an ounce of prevention is worth a pound of cure.

KEYWORDS: cyber attack cyber security leadership employee risk insider threats remote workers risk management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Francois amigorena headshot

François Amigorena is the Founder and CEO of IS Decisions, a global software company specializing in access management and multi-factor authentication (MFA) for Microsoft Windows and Active Directory environments. A former IBM executive, Amigorena is also a member of CLUSIF, a nonprofit organization dedicated to information security.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Logical Security
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Coding on screen

Research reveals mass scanning and exploitation campaigns

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

September 29, 2025

Global Security Exchange (GSX)

 

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • work from home

    3 ways to mitigate insider threats in a distributed workforce

    See More
  • Insider Threat

    Insider Threat: How to Properly Govern Identities & Identify Nefarious Actors

    See More
  • cyber security

    4 ways to improve your online privacy as a remote worker

    See More

Related Products

See More Products
  • physical security.webp

    Physical Security Assessment Handbook An Insider’s Guide to Securing a Business

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing