Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementPhysicalSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecuritySecurity & Business ResiliencePhysical SecurityCybersecurity News

People: The missing piece of the insider threat puzzle

Incorporating social and behavioral science in insider threat detection

By Claire Moravec
insider-threat-security-fp1170x4bm.jpg

Image via Freepik

November 18, 2022

Organizations have historically protected their infrastructure from adversaries by spending billions each year on singularly focused, cyber-centric reactive technology defenses. Similarly, the focus on resolving insider threat events has historically zeroed in on implementing defenses focused on network anomalies and addressing lax security protocols and information siloes within organizations.


Traditional defensive and remediation efforts only take us so far. They are proving to be ineffective and inefficient, as evidenced by an increase of 47% in security incidents with an insider threat nexus between 2018 and 2020. So, what’s missing? These efforts largely — if not completely — focus on the tech and ignore the people.


The making of an insider results from the complex interchange between individual, social, and organizational factors, and people are the common denominator. Despite top-of-the-line cyber defenses, extensive vetting, and monitoring, trusted insiders exfiltrate secrets, hack systems, and find themselves caught in the traps of adversaries.


Simply put, insider threat is a people problem, and we can no longer afford to deprioritize or discount the human factor in insider threat detection and remediation.


The Critical Pathway to Insider Risk

Edward Snowden. Robert Hansen. Aldrich Ames. Anna Montes. Nidal Hasan. What do they all have in common? Each weaponized the trusted access and placement they held in organizations and became poster children for insider threats; however, each person’s pathway to becoming an insider was distinctly different.


There are no one-size-fits-all behavioral profiles practitioners can use to identify or proactively detect insiders because no single typology of person becomes an insider, and no singular set of circumstances facilitates a malicious act.


Despite taking different paths, history and empirical research tell us that those who become insiders follow a rather predictable and critical pathway. Over the last 20 years, The Critical Pathway to Insider Risk (CPIR) has served as the leading multifactorial framework that takes common behavioral indicators and precipitating events into account, operationalizing the amalgam of factors into an index of risk for insiders.

 

Image courtesy of The Cybersecurity and Infrastructure Security Agency (CISA)

Person-in Environment

Popular culture has brought us wildly successful series like Criminal Minds and Mindhunter, introducing the world of the Federal Bureau of Investigation’s (FBI) ‘Criminal Profiler’ to audiences and bringing to the forefront the FBI’s strategic use of social and behavioral sciences to identify and capture violent criminals.


While you may not be hopping on a G5 and jetting across the country to hunt a serial killer as the fictional FBI squad does in Criminal Minds, incorporating social and behavioral sciences in your approach to mitigate the risk of insider threats to an organization is becoming a necessity. The focus cannot solely be on cyber-data and threats from nation states and need to equally narrow in on people and their pathway to becoming an insider. Social and behavioral sciences (SBS) are well positioned to address the complex and persistent human factor of insider threats so that organizations can start to be more proactive vs. reactive.


Unlike when catching a serial killer, demographic profiles provide little insight when it comes to proactively detecting insiders because spies, hackers and malicious insiders come in all shapes and sizes, ranging in age, education level, race, gender, etc. Using a person-in-environment approach to analyze behavior is most effective to understanding an individual and their behavior — how they see the world, how they think, how they respond to others.

 

The Individual 

Nearly 90% of Security leaders assert the necessity of using personal indicators and behaviors to identify high-risk insiders.


Individual attributes inform and baseline one’s behaviors and activities and the ways in which an employee interacts with their organization or its network. These behaviors are directly observable by others, and changes in them can be considered a threat indicator.


Biological and psychological factors and attributes — ranging from psychiatric disorders influencing self-control and judgment to narcissism, psychopathy, and/or a history of violent behavior(s) — increase the likelihood of someone becoming an insider. When combined with personal issues like financial distress, addiction, relationship changes (i.e., divorce) and unmet expectations, responsibility changes, compensation and/or recognition at work, these markers serve as predispositional person-specific indicators of possible insider behavior.


Due to the sensitive and incredibly personal nature of this threat indicator, organizations must comply with all privacy, labor and employment statutes, policies, rules, and regulations when exploring individual, behavioral-based indicators.


The Environment

Insider threats occur in a social context. Bottomline, organizational policies, cultural practice and cultural awareness within organizations matter. The pathway to one becoming an insider is not solely determined by individual choices, stressors and/or predispositions. The relationship one has with their environment has the potential to create an insider threat.


High-stress workplaces riddled with toxic, overly aggressive leadership who tolerate poor performance, and show no appreciation for employees, create additional motivation for a once trusted insider to become a risk to an organization.


In fact, a 2022 report from Palo Alto Networks and Unit 42 identified that around 75% of insider threat cases involved a disgruntled former employee who stole, destroyed, or improperly accessed data and/or networks.

 

Building a Trusted Workforce

Understanding how someone chose the insider threat path allows practitioners to better anticipate future threats and get in front of existing ones.


While we cannot predict human behavior with 100% certainty, approaching insider threat mitigation with a person-in-environment lens, combined with tried-and-true cyber indicators, only enhances an organization’s insider threat efforts.


Continuous evaluation and scoring of these combined factors — technical, human behavioral and social — are key to establishing structured and supported intervention points, allowing an organization to build and maintain a trusted workforce and ultimately stay ‘left of boom.’


The views and opinions expressed are that of the author and not those of the FBI or any other U.S. government agency.


This article originally ran in Security, a twice-monthly security-focused eNewsletter for security end users, brought to you by Security magazine. Subscribe here.

KEYWORDS: insider threats risk assessment risk management security operations

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Claire Moravec is the first Deputy Director of Homeland Security for the State of Illinois. Moravec is a former Federal Bureau of Investigation (FBI) intelligence official and a Founding Member of the FBI’s first Social Media Exploitation team. In 2017, Moravec earned the FBI’s Medal of Excellence, recognizing her work supporting the National Covert Operations Section. Following Federal Government service Moravec served as the Senior Leader of Snapchat’s Trust & Safety Response Operations team.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Enterprise Services
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Columns
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Coding

AI Emerges as the Top Concern for Security Leaders

Half open laptop

“Luigi Was Right”: A Look at the Website Sharing Data on More Than 1,000 Executives

Shopping mall

Victoria’s Secret Security Incident Shuts Down Website

Laptop with coding on ground

Stepping Into the Light: Why CISOs Are Replacing Black-Box Security With Open-Source XDR

Gift cards and credit cards

Why Are Cyberattacks Targeting Retail? Experts Share Their Thoughts

2025 Security Benchmark banner

Events

June 24, 2025

Inside a Modern GSOC: How Anthropic Benchmarks Risk Detection Tools for Speed and Accuracy

For today's security teams, making informed decisions in the first moments of a crisis is critical.

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

From animal habitats to bustling crowds of visitors, a zoo is a one-of-a-kind environment for deploying modern security technologies.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Supply chain cyber security third party risk

    Third-party security: The missing piece in the cybersecurity puzzle

    See More
  • security-camera-fp1170x658v500.jpg

    Body worn cameras: The missing piece of critical infrastructure security

    See More
  • insider risk

    Inside the mind of an insider threat

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing