
How to keep a pulse on insider threats

Why it is critical for HR and security staff to work together to establish a robust insider threat mitigation program

By Steve Moore, Tyler Farrar, Gianna Driver

November 21, 2022

Many organizations have succeeded in building an incredible security infrastructure to detect cyberattackers. This process involves creating a flexible architecture that enables business growth and protects it, along with a security team that works tirelessly to match pace with adversaries and mitigate risks and threats.


Sometimes the threat hits close to home. A recent survey from Ponemon found that the total average cost of insider threats to organizations in 2021 was $15.4 million. With distributed networks, remote workforces and new digital processes, the risks of insider data breaches are growing. 


What should organizations watch out for? The answer isn’t that simple. The stereotype of the rogue IT administrator who misuses privileged credentials to burrow through networks and exfiltrate data is just one profile. According to the same survey, criminal insiders accounted for 26% of recent incidents. Other staff may seek to steal credentials, just like outsiders, and use them to sabotage operations or commit fraud. These insiders accounted for 18% of attacks. 


While not as exciting, negligent behavior constitutes 56% of insider threats. These incidents are driven by poor worker security practices, such as sharing devices, clicking on phishing emails, not protecting information, and having computers or hard drives stolen.


Use Both Technical and People Sensors to Detect Insider Threats 

So, what should organizations do if leaders are concerned about insider threats? Surprisingly, the answer isn’t just to apply more technology.


A critical first step is to define the problem. IT and security leadership should work together to clearly define what insider threats mean for their organization, build a cross-functional coalition to address these risks and agree on proper governance. 


Next, it’s time to involve security teams who own the tooling that identifies many risks. These technical sensors, or platforms, can automate the discovery of anomalies that teams can then investigate. These issues include compromised credentials, lateral movement within networks, escalating privileges, account manipulation, data access abuse and destruction of audit logs and file data, among others. 


However, people sensors also provide important input that should be considered and combined with these technical sensors. Human resources (HR) teams and people managers understand organizational culture and employee engagement. They can mine data such as staff behavior on Zoom calls, poor performance reports and incident data. By doing so, they can identify issues like disengaged employees who are checking out at work, people who may be acting out or staff who are searching for new jobs at competitors while using their company devices. 


These working teams, or a broader governance group, can set up standing calls with HR and country or regional leadership to better understand employee sentiment and any areas of concern. Combined with threat intelligence, this information can help local leaders understand potential bad actors, their attack strategies and tactics, and how they’re changing. These local leaders can then feed this information back to IT and security teams, who can use it to proactively harden defenses and focus on the right threats.


Of course, organizations can only expect loyalty from staff if they have healthy cultures, pay them a fair wage, and offer career advancement prospects. Organizations that exploit staff will obviously be at greater risk for insider-outsider attacks than those that treat employees well. In addition, leadership must consider how contractors, vendors and third parties treat their employees, as these workers could potentially retaliate against their employers by harming customers. 


Why Organizations Should Build a Strong Risk-Aware Culture 

Many leaders are concerned about the optics of discussing insider risks, which can sound as though they are spying on their employees and encouraging staff to do likewise. That’s why some are rebranding to discuss the risks that “trusted insiders” can create when they misuse credentials or exploit network gaps. The phrase “trusted insiders” implies that these individuals are responsible for upholding organizational faith in them and protecting network access and privileges, and that there are consequences for not doing so.


However they brand these threats, organizations should proactively communicate with employees about them. Many organizations are building a risk-aware culture and committing to evolving its maturity. This typically involves moving beyond a once- or twice-yearly training program to creating an ongoing risk awareness program that addresses key threats. These programs benchmark employee understanding of organizational risks, implement role- and topic-based communications and campaigns, streamline critical processes and measure progress. As part of this process, security leaders will also likely want to provide clear and transparent policies and updates, develop a central risk awareness portal with resources and publicize reporting processes. In addition, leaders will want to share what they do when they suspect a risk and the penalties for malicious behavior.  


How to Respond to Suspected Insider Threats 

So, what happens when organizations suspect an insider threat? A common mistake is either lacking well-codified processes for reporting and investigating threats or placing this responsibility solely on security operations center (SOC) teams.


Instead, organizations should take the time to develop and codify reporting, investigation, and escalation processes that involve HR and security teams. SOC teams will analyze technical sensors and determine if insiders have malicious intent to steal data or cause operational disruption. If so, they will present a case to HR for escalating the incident, such as disabling accounts, locking down computers, and possibly considering additional corrective action.


In addition, organizations can conduct tabletop exercises on different incidents that could cause security risks. They can work to understand the intent of attackers, likely pathways they will take to achieve their objectives, and how incidents could escalate, using this information to evolve policies and processes. Issues may appear as malware or compromised credentials but, upon investigation, be revealed as negligent insider activity. 


By working together, HR, security teams, and business partners can envision new risks, learn from past incidents, and continue to improve processes. In this model, organizations use both technical and people sensors to protect their businesses and staff in a landscape of growing cyber threats.


Stay Apprised of Employee Risks and Motivations 

Even with well-defined processes and capabilities, insider incidents can occur. Poor information and device handling processes can put data at risk, or unhappy staff can retaliate against their employer. However, organizations that focus on creating a healthy culture, educating and empowering staff, and following preset transparent policies and protocols can reduce malicious and negligent insider incidents. 


By doing so, organizations can create a strong brand as a risk-aware culture that empowers employees and attracts customers, while minimizing the impact of data breaches and other losses. 

KEYWORDS: HR security partnerships insider threats risk management Security Operations Center (SOC)


Steve Moore is Vice President and Chief Security Strategist at Exabeam.

Tyler Farrar is the Chief Information Security Officer (CISO) at Exabeam. He graduated from the United States Naval Academy in 2012, and received his Bachelor of Science in Aerospace Engineering. Tyler continued his education at Robert H. Smith School of Business, where he earned a Master of Business Administration in Accounting and Finance.

Gianna Driver is Exabeam's Chief Human Resources Officer.
