Recognizing Insider Threats
(OBJ 5.6)
- Insider Threats
  - Involve risks posed by individuals within an organization
  - Threats can be intentional or unintentional, arising from various personal factors
  - Training employees to recognize anomalous behavior is essential in addressing insider threats
Behavior Indicators
- Altered State or Substance Abuse
  - Employees arriving at work intoxicated or hungover may indicate personal issues
  - Impaired judgment may lead to unintentional data disclosure or misconduct
  - Potential for coercion into making poor security decisions
- Emotional Distress
  - Signs of depression, giving away personal possessions, or emotional turmoil
  - Emotional distress may lead to non-compliance with security protocols
  - Vulnerability to exploitation by malicious parties
- Lifestyle Incongruences
  - Employees demonstrating a lifestyle inconsistent with their finances
  - Investigate cases where an employee's spending doesn't align with income
  - Discreet investigations to rule out illicit activities, theft, or information selling
- Financial Struggles
  - Employees under financial stress may express financial woes to coworkers
  - Financial pressures can make individuals susceptible to bribery or data selling
  - Organizations should have policies in place for handling such scenarios, like financial counseling or monitoring for unusual data access
Building a Robust Insider Threat Program
- Establish an insider threat program to create a security culture
- Encourage employees to report suspicious activities
- Provide training to recognize warning signs
- Implement policies that support mental health and financial well-being
- Ensure fair and confidential investigation processes
- Employ user activity monitoring tools to detect anomalous behavior while respecting employee privacy