
How to Defend Against the Insider Threat

Insider threats continue to be the most dangerous threat to any organization. They are threats to internal data and intellectual property, to network performance and security, and even to the health and safety of the workforce. The reality of this threat is exemplified by the FBI charging Joshua Schulte, a CIA engineer, as the individual behind the Wikileaks Vault-7 leaks, and by the report of a Tesla employee allegedly sabotaging products and leaking intellectual property belonging to the company. Considering the seriousness of the insider threat, let’s take a look at who insiders are, what drives them, and how you can protect your company from them (to the extent possible).

The Insider Threat Profile

Insider threats are categorized in three ways. The most dangerous are your malicious insiders: those in your organization who are motivated to do some sort of harm, whether it be stealing money, leaking data, harming employees, or spying for countries or competitors. Fortunately, while they may do the most damage and be the most dangerous, these are relatively infrequent.

The most common insiders are your trusted, everyday employees, particularly in the cyber domain. Hackers know that your people are usually your weakest link. Not everyone knows how to identify a phishing email or how to browse the web securely. Sometimes, people just make a mistake. In 2017, Verizon reported that upwards of 66% of all data breaches are the result of phishing or related activities.

Off-boarding employees are an often overlooked insider threat. People leaving a company frequently feel that the work they did is their own intellectual property and that they should be able to take it with them to their new job to give them a leg up. Other times, someone may be leaving a company on bad terms and be both a physical security risk and a data loss risk.

3 Ways to Defend Against Insider Threats

  1. Institute company policies and enforce them
  2. Implement technical controls
  3. Create and enforce physical security measures

How to Defend Against Insider Threats

So how do we protect ourselves from insiders? First, I would argue that you can never be fully protected from insider threats. A person with an agenda will often figure out how to achieve their end goal in some fashion if it is important enough to them. Other times, people simply make mistakes. However, the risk certainly can be lessened.

  1. Institute and Enforce Company Policies

First, it starts with policies and enforcement. Policies will do little to dissuade a malicious insider, but they go a long way to protecting you from your trusted employees and even some off-boarders.  When staff is trained and policies are enforced through technology and monitoring, you decrease the likelihood that an employee will click that bad email or even take intellectual property they developed when they leave.  I make the argument that the single most effective way to protect yourself against insider threats is through training.

  2. Implement Technical Controls

Second, implement technical controls to protect yourself. Employing security monitoring and detection can alert you when data is being taken off the network, when there is unauthorized access to sensitive files, or when privileges are escalated. Additionally, implementing Data Loss Protection solutions can help prevent data from being removed from the network, and such solutions inventory and classify the data so that you know which data is most important and needs extra security.
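The three detection cases named above (data leaving the network, unauthorized reads of sensitive files, and privilege escalation) can each be expressed as a simple rule over activity logs. The following is an added example, not code from the original post or from Security On-Demand: it runs three such rules over a handful of constructed log events. The event schema, the field names, the sensitive-path allow-list, the egress byte threshold and the "change ticket required" convention for admin grants are all assumptions made for illustration; a real deployment would read these from its own log pipeline and policy.

```python
"""Added example: three insider-threat detection rules over constructed log events.

Not code from the original post or from Security On-Demand. The event schema,
thresholds and the sensitive-path allow-list below are assumptions for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample events (hypothetical schema, not real logs).
SAMPLE_EVENTS = [
    {"ts": 1, "user": "alice", "type": "file_read", "path": "/finance/q3_forecast.xlsx"},
    {"ts": 2, "user": "bob", "type": "file_read", "path": "/finance/q3_forecast.xlsx"},
    {"ts": 3, "user": "bob", "type": "net_egress", "bytes": 400_000_000, "dst": "203.0.113.7"},
    {"ts": 4, "user": "bob", "type": "net_egress", "bytes": 350_000_000, "dst": "203.0.113.7"},
    {"ts": 5, "user": "carol", "type": "priv_change", "new_role": "domain_admin", "ticket": None},
    {"ts": 6, "user": "dave", "type": "priv_change", "new_role": "domain_admin", "ticket": "CHG-1042"},
    {"ts": 7, "user": "alice", "type": "net_egress", "bytes": 2_000_000, "dst": "198.51.100.9"},
]

# Assumed allow-list: which users may read files under each sensitive path prefix.
SENSITIVE_ACL = {"/finance/": {"alice"}, "/hr/": {"erin"}}

# Assumed per-user outbound byte budget for the log window being examined.
EGRESS_LIMIT_BYTES = 500_000_000


@dataclass(frozen=True)
class Alert:
    rule: str
    user: str
    detail: str


def detect_unauthorized_access(events):
    """Flag reads of sensitive paths by users outside that path's allow-list."""
    alerts = []
    for e in events:
        if e["type"] != "file_read":
            continue
        for prefix, allowed in SENSITIVE_ACL.items():
            if e["path"].startswith(prefix) and e["user"] not in allowed:
                alerts.append(Alert("unauthorized_sensitive_read", e["user"], e["path"]))
    return alerts


def detect_bulk_egress(events, limit=EGRESS_LIMIT_BYTES):
    """Sum outbound bytes per user and flag anyone over the limit (one alert per user)."""
    totals = defaultdict(int)
    for e in events:
        if e["type"] == "net_egress":
            totals[e["user"]] += e["bytes"]
    return [Alert("bulk_egress", u, f"{b} bytes") for u, b in sorted(totals.items()) if b > limit]


def detect_unapproved_privilege_change(events):
    """Flag grants of an admin role that carry no change ticket (assumed approval convention)."""
    return [
        Alert("unapproved_priv_escalation", e["user"], e["new_role"])
        for e in events
        if e["type"] == "priv_change"
        and e["new_role"].endswith("admin")
        and not e.get("ticket")
    ]


def run_rules(events):
    """Run every rule and return the alerts ordered by rule name, then user."""
    alerts = (
        detect_unauthorized_access(events)
        + detect_bulk_egress(events)
        + detect_unapproved_privilege_change(events)
    )
    return sorted(alerts, key=lambda a: (a.rule, a.user))


if __name__ == "__main__":
    for a in run_rules(SAMPLE_EVENTS):
        print(f"[{a.rule}] user={a.user} {a.detail}")
```

On the constructed input the rules produce three alerts: bob's two transfers add up to more than the egress budget, bob reads a finance file he is not on the allow-list for, and carol is granted an admin role with no change ticket, while dave's ticketed grant and alice's small transfer are left alone. The egress rule aggregates per user rather than per event so that an exfiltration split into many smaller transfers is still caught.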

  3. Create and Enforce Physical Security Measures

Finally, we can’t forget about the physical security element of the insider threat. Having adequate physical security in place, ranging from ID badges and security cameras to building ingress/egress controls, goes a long way toward both protecting data and securing your people.

About Security On-Demand

Security On-Demand (SOD) provides full-spectrum threat management and advanced cyber threat detection services for hundreds of businesses and government agencies globally. SOD’s patented, behavioral-analytics ThreatWatch technology enables the detection of advanced threats to protect brand value and reduce the risk and mitigate the impact of a data breach. SOD is headquartered in San Diego, CA with international R&D offices and a Security Operation Center in Warsaw, Poland.