
National Insider Threat Awareness Month 2022

By Security Staff

September 8, 2022

September is National Insider Threat Awareness Month, which emphasizes the importance of safeguarding enterprise security, national security and more by detecting, deterring and mitigating insider risk.


The risks of espionage, violence, unauthorized disclosure and unknowing insider threat actions are higher than ever; therefore, maintaining effective insider threat programs is critical to reducing any security risks and increasing operational resilience.


National Insider Threat Awareness Month is an opportunity for enterprise security, national security and all security leaders to reflect on the risks posed by insider threats and ensure that an insider threat prevention program is in place and updated continuously to reflect the evolving threat landscape.


Recent examples of insider threats include:

  1. In August 2022, a federal jury in California convicted Ahmad Abouammo, a former manager at Twitter, of acting as an unregistered agent of Saudi Arabia and other violations.
  2. In July 2022, a federal jury in New York convicted former CIA programmer Joshua Schulte of violations stemming from his theft and illegal dissemination of highly classified information. Harboring resentment toward the CIA, the programmer had used his access at the CIA to some of the country’s most valuable intelligence-gathering cyber tools to covertly collect these materials and provide them to WikiLeaks, making them known to the public and to U.S. adversaries.
  3. In June 2022, civilian defense contractor Shapour Moinian pleaded guilty in California to federal charges, admitting that he acted as an unregistered agent of China and accepted money from Chinese government representatives to provide aviation-related information from his U.S. intelligence community and defense contractor employers.


To promote awareness, The Threat Lab and the National Insider Threat Task Force (NITTF) are hosting the third annual Virtual C-InT SBS Summit, a 30-day virtual education, awareness, and training event that looks at hot topics related to cognitive immunity relevant to Counter-Insider Threat professionals’ efforts to detect, mitigate, and prevent concerning behavior.


Below, in honor of National Insider Threat Awareness Month, security leaders offer advice on how to reduce insider threat risks effectively.


Chris Plescia, Chief Technology Evangelist, Aware:

Your employees are both your biggest asset and can present your largest threat. We continue to see an increase in both behavior indicators (changing employee sentiment and the way they are communicating) as well as actual acts where information (IDs, PWs, Screenshots, files) is shared. 


I feel much of this can be attributed to the comfort and casualness that everyone has using these digital tools for day-to-day business and personal communications, as well as the fact that it’s very easy to share things (IDs, passwords and screenshots) that contain sensitive information.  


Our research shows that 24% of insider threats are inadvertent. Even when one has the best intentions to help a customer or support the business, sharing of inappropriate information, IDs and passwords places the organization at risk. Likewise, 31% of the risk comes from malicious intent to cause harm or damage the reputation of an organization. It is important to be able to identify unanticipated behavior and have internal controls designed to trust but verify.


To mitigate these kinds of actions, we have a few key steps to follow: 

1. Choose secure collaboration platform(s) and ensure you have formalized governance and usage policies established.

2. Implement AI-based compliance monitoring to provide visibility, knowledge and insights across the content (both private and public).

3. Have a team and established processes in place to act upon the alerts at all times.


James Christiansen, CSO VP, Cloud Security Transformation, Netskope:

The ‘insider threat’ has been one of the greatest threats since the beginning of IT. It’s the risk that never goes away because insider threats involve employees — often the weakest link in any company’s security posture. Employees are not only vulnerable to common attacks or insecure practices (e.g., email phishing), but they have bona fide access to workplace systems and an understanding of internal processes, providing the malicious insider a head start. For example, recent research found that 22% of users upload, create, share or store data in personal apps, creating an ever-increasing amount of data sprawl that puts sensitive company data at risk.


Organizations aren’t required to report internal losses associated with insider losses, meaning this issue is more prevalent than we know. While there is rapid change in technology, there are a few steps to protecting against an insider threat. First, strong background checks, general awareness, and targeted education to high-value employees are key to turning an insider from malicious to benign. Additionally, find ways to leverage analytic systems using strong statistical analysis to better understand normal and unusual behavior. By doing so, we can get better visibility, control, and ability to notify the users of their actions. Lastly, your best security monitor is your fellow staff members. Create a culture whereby if employees see something, they feel comfortable enough to say something.


Rick McElroy, Principal Cybersecurity Strategist, VMware:

As the Great Resignation continues and ‘quiet quitting’ becomes increasingly popular, organizations find themselves at a higher risk for insider attacks. Over the past year, 41% of cybersecurity professionals have encountered attacks involving insiders, according to VMware’s Global IR Threat Report. These findings underscore the increasingly critical nature of talent management when it comes to cybersecurity controls, especially as companies are trying to manage employee turnover, onboarding and the use of non-sanctioned apps and platforms. 


It’s critical for CISOs to have visibility into their own network to track insider threat indicators, such as data transfers and accessing unusual resources. This allows for organizations to better protect their proprietary information, and for security teams to more quickly detect insider threats.


Nabil Hannan, Managing Director, NetSPI:

To account for internal threats, there must be a mindset shift in what constitutes an organization’s threat landscape. Most companies focus exclusively on external threats and view their own people as trustworthy. As a result, insider threats are often under-addressed cybersecurity threats within organizations. We learned with SolarWinds that detecting such a threat is vastly different from traditional pen testing, code review or other vulnerability detection techniques. 


Security teams need to move from only looking for vulnerabilities to also looking for suspicious or malicious code. With a vulnerability, the threat actor interacts with the attack surface in a way that exploits a weakness. With malicious code, the threat actor is either choosing or creating the attack surface and functionality because they have control over the system internally. 


So, instead of the threat actor exploiting vulnerabilities in the attack surface, now the threat actor creates the attack surface and exercises the functionality that they implement. Failing to implement threat modeling that studies potential threats to both vulnerabilities and malicious code can set your organization up with a false sense of security.



Greg Foss, Principal Cloud Security Researcher, Lacework:

Think of the last employer for whom you worked. Did they have individual or shared accounts for corporate resources? Did access to these services exist outside of the corporate boundary, with no central means of access control? What about programmatic access that isn’t associated with an individual identity? Or better yet, cloud management infrastructure or even just one of the many instances hosted within. 


You are not alone if you answered ‘yes’ to any of these questions. Former employees will likely maintain access to some corporate resources, whether they know it or not. It’s not just the insider threat that we must understand, but “the former insider.” A possible recession brings significant uncertainty, resulting in many people with varying access to sensitive resources losing their jobs, some of whom become disgruntled. Organizations must understand their infrastructure, implement robust access controls, and monitor for misuse because once an insider, always an insider.



Mario Orsini, Associate Director, Security, Raytheon Intelligence & Space:

Insider threats can take many forms, but the top categories witnessed are typically: recruited, such as when a foreign entity uses exploitable weaknesses to convince an individual with access to provide information to those who do not have a need-to-know; volunteer, when an individual may choose to sell out their country or organization because of motivators such as greed, disgruntlement, divided loyalties, or ideological reasons; and unwitting, which is when an individual unwittingly gives away information through poor security procedures or clever elicitation collection techniques.


Regardless of the motive, it’s critical for organizations and their security teams to help prevent the next insider attack. One of the top ways to bolster protection is by adopting Zero Trust within an organization. Zero Trust principles such as ‘Never trust, always verify,’ network micro-segmentation, and least privilege access can be extremely effective in ensuring an organization doesn’t become the next major breach victim.


Will LaSala, Field CTO, Americas, OneSpan:

The rise of digitalization and Web 3.0 has led to an exponential increase in high-value transactions occurring online. As more processes become digitized, an array of solutions have cropped up, most void of security capabilities. These solutions are unable to verify and authenticate the true identity of the person or business on the other end of the contract — which creates opportunities for threat actors to take advantage of unsuspecting employees, gain access to an organization’s network and obtain sensitive data. 


Employees have become accustomed to signing contracts quickly and digitally, and they are failing to verify whether or not the contract they have received is legitimate. As a result, employees are signing and unknowingly sharing confidential information with external threat actors. For example, attackers continue imitating the DocuSign brand, sending phishing links and documents that appear to be from DocuSign but, in reality, are links and files that expose login credentials. With insider threats becoming a prominent security issue, organizations must take a proactive approach to mitigate exposure opportunities.


To ensure that employees do not unknowingly expose data when signing digital documents, organizations should add enhanced authentication to secure access to agreements as well as ‘flatten’ uploaded documents to avoid shadow attacks. Businesses that provide these solutions also have a role to play, ensuring the identification and authentication capabilities are built into the entire digital transaction lifecycle.


Daniel Elkabes, Vulnerability Research Team Leader, Mend:

In an era widely fueled by and dependent on data-driven tools, developers are under a lot of pressure to get software, applications, and products out quickly. Expedited work timelines, in tandem with increased demands and simple human error, can result in developers unintentionally using open source code that has malicious packages, consequently opening the doors for threat actors to sneak in. For security teams who are working diligently to protect their organizations against external threats — addressing insider threats can be an intimidating topic to approach, as it shines a light on any oversights or errors that were made by colleagues. It is this hesitancy, however, that underscores the need to spread awareness.


With open source software providing many benefits to enterprises and development teams, their use and deployment will not slow down. And neither will developers. However, in order to elicit a real change in behavior and avoid risky code being used, developers need to understand the larger implications of their actions and the project. Hands-on, visual training will help developers see how quick and easy it is for something to go wrong from a simple coding mistake. This will help reiterate the importance of regularly managing open source components and all their dependencies, and how this helps avoid putting the organization at risk.


In addition to training, developers should proceed carefully and dedicate more time to ensure they’re implementing the correct packages that are free of any malware or vulnerabilities. While easier said than done, developers should approach the process of downloading and installing packages for projects through two different steps to eliminate cases of vulnerabilities. First, developers should view the package to ensure that it is safe. Once the package is determined safe and free of any malicious software, developers can then move forward with installation. By taking off the blinders and helping developers see through an alternative lens that examines the repercussions of insider threats and steps that may not always be taken, security teams can provide a clearer image and equally shed light on the larger context of how insider threats impact businesses and customers.


Joe Payne, CEO and President, Code42:

Insider threats are not a new problem, but the problem has grown substantially because almost all corporate data has been digitized and, with a mouse click, can be moved to a personal email, Dropbox or GitHub account. Almost all malicious data theft from insiders occurs when people change organizations, which is on the rise because of the Great Resignation and recent layoffs. A new approach to stop theft and reduce risk is required.

For years, security teams have approached insiders the same way they do malicious external threats — blocking data movement (and therefore internal collaboration) isn’t as simple when it’s a colleague. Security teams that are used to dealing with external threats will find their tactics aren’t effective for handling internal threats. They need a new playbook and a new generation of technology.


Addressing insiders requires collaboration between security, HR and legal teams, leading with an empathetic approach. Often, employees are just trying to do their jobs when they create data risk. Investigative teams must shift their mindset before contacting the employee, get context to understand the situation and educate the employee to avoid future incidents. 

For example, it’s completely possible (and even likely) that your on-the-road sales member didn’t realize downloading her customer list from Salesforce to a personal device created risk for the team — she just thought it would be easier to manage. Often, when a software developer puts his source code in his personal GitHub account, he thinks that this is okay and not against company policy. An empathetic approach is required in both examples to keep the employees engaged and productive. These simple steps can de-escalate stress for your users and help to build a culture of trust, open communication and respect, while also perpetuating a positive security culture.


Mike Scott, CISO, Immuta:

An uptick in insider threat-related incidents has ushered greater awareness around the need to not only protect the sizeable volume of data collected and stored by organizations but also who has access to it. While it’s hard for some to believe that someone within an organization will proceed with malicious intent, many businesses are guilty of giving employees more access to data and privileges than they need. As people come and go and data further cements itself as an essential resource for modern businesses, more steps must be taken to guarantee its security. 


This Insider Threat Awareness Month presents an opportunity for organizations to assess these security risks, assimilate how to detect, and protect their assets before an incident occurs, and manage the misuse of sensitive information in the event of a breach. Insider threats are not always intentional. One way organizations can ensure the proper protections are in place is to define what data needs to be protected, when the data should be protected — always or time-based — and who has access to the data. This way, businesses ensure that only the right people can view the right data at the right times.


Ben Johnson, CTO, Obsidian:

There are three aspects of insider threat that organizations need to keep in mind. When we meet someone, having seen their face, we often think there is no way they are a threat, so we over-share information and access. However, especially in the cloud age, it could be “one click to our own demise” in terms of accidentally leaking or publishing confidential information. The second aspect is that there are, sadly, true malicious insider threats where employees have sinister intentions, become disgruntled, or simply want to steal information to set themselves up for their next job. Finally, virtually every external threat has a goal — to gain access to your organization. Once they have access, what are they? They’re an insider. National Insider Threat Awareness Month needs to be taken as a serious reminder that if we cannot defend against insiders, we cannot defend against outsiders either.

