Insider threat - Managing people security
Published on 22 January 2020
What is ‘insider threat’?
When we think about threats to our organisation we tend to think of external threats: of hackers and other security risks.
Insider threat is the threat from someone with authorised access to systems, buildings or assets who, knowingly or not, uses that access to cause harm to the organisation. An ‘insider’ could be anyone working for your organisation: an employee or former employee, a contractor, a consultant or a business partner.
This type of threat can be difficult to detect, especially when we consider that people do not tend to join an organisation with the intention of committing fraud. Changes in personal circumstances, organisational changes and even greed can result in previously honest employees becoming a threat.
The difficulty lies in identifying the fact that a member of staff or colleague is considering committing an act that would damage the organisation, particularly when they are established in their position and are well trusted.
The unfortunate fact is that just one person, whether intent on committing a malicious act or mistakenly opening their company’s systems to attack by inadvertently clicking an infected link, could be responsible for compromising sensitive personal and/or corporate data.
The Credit Industry Fraud Avoidance System (CIFAS, 2016) cites five corporate vulnerabilities that open organisations up to becoming victims of fraud:
- Reducing overheads
- More complex and complicated supply networks
- Ignorance of cyber security principles
- Outsourcing
- Churn of employees
Most people reading this document will have experience of one or more of these vulnerabilities and the impact they have on service provision and employees’ morale. We will now consider how a combination of these factors could lead to insider-related issues.