For many years there has been much debate on who causes more damages (Insiders Vs. Outsiders). While network intrusions and ransomware attacks can be very costly and damaging, so can the actions of employees’ who are negligent, malicious or opportunists. Another problem is that Insider Threats lives in the shadows of Cyber Threats, and does not get the attention that is needed to fully comprehend the extent of the Insider Threat problem.
The NITSIG in conjunction with the ITDG have conducted extensive research on the Insider Threat problem for 15+ years. This research has evaluated and analyzed over 6,100+ Insider Threat incidents in the U.S. and globally, that have occurred at organizations of all sizes.
The traditional norm or mindset that malicious Insiders just steal classified information, an organizations data, trade secrets or other sensitive information, is no longer the case. There continues to be a drastic increase in financial fraud, embezzlement, shell company – fake invoicing schemes, contracting fraud, bribery, kickbacks and more. This is very evident in the Insider Threat Incidents Reports that are produced monthly by the NITSIG and the ITDG.
To grasp the magnitude of the Insider Threat problem, one must look beyond Insider Threat surveys, reports and other sources that all define Insider Threats differently. How Insider Threats are defined and reported is not standardized, so this leads to significant underreporting on the Insider Threat problem.
Surveys and reports that simply cite percentages of Insider Threats increasing, do not give the reader a comprehensive view of the actual malicious actions employees’ are taking against their employers. Some employees’ may not be disgruntled / malicious, but have other opportunist motives such as financial gain, to live a better lifestyle or supporting their gambling addictions, etc.
The severe damages from employees’ can be into the MILLIONS and BILLIONS, as referenced in the reports on the link below. Companies have also had large layoffs or gone out of business because of the malicious actions of employees. The damages caused by employees can happen in an organization, from big to small, from U.S. Government to private sector businesses.
These Insider Threat incidents are not just caused by JUST 1 EMPLOYEE. In some case multiple employees may be involved, or employees may be in collusion with external cyber criminals or conspirators.
Some organizations invest thousands of dollars in securing their data, computers and networks against Insider Threats, from primarily a technical perspective, using Network Security Tools or Insider Threat Detection Tools. But the Insider Threat problem is not just a technical problem. If you read any of these monthly reports, you might have a different perspective on Insider Threats.
Could your organization rebound / recover from the severe impacts that an Insider Threat incident can cause?
These monthly reports are recognized and used by Insider Risk Program Managers and security professionals working for major corporations, as an educational, guidance and support tool to: 1) Gain support from CEO’s, C-Suite, key stakeholders and supervisors for developing or enhancing an Insider Risk Management (IRM) Program. These reports provide the justification, return on investment and the funding that is needed for an IRM Program. 2) Provide Insider Threat Awareness Training to the workforce on the importance of reporting employees’ who may pose a risk or threat to the organization. 3) Review and enhance security controls (Non-Technical, Technical) to protect the organization from the many different types of Insider Threats.
Download Reports / No Registration Required
www.insiderthreatincidents.com
If you would like to receive the monthly Insider Threat Incidents Reports via email, please send your request to: [email protected] to be added to the distribution list.
Jim Henderson, CISSP, CCISO
Founder / Chairman Of The NITSIG
Founder / Director Of Insider Threat Symposium & Expo
Insider Threat Researcher / Speaker
FBI InfraGard Member
www.nationalinsiderthreatsig.org
About the Author
Mr. Henderson is the Founder and Chairman of National Insider Threat Special Interest Group (NITSIG). The NITSIG was created in 2014 to function as a National Insider Threat Information Sharing & Analysis Center. The NITSIG Membership is the largest network (1000+) of Insider Risk Management (IRM) professionals in the U.S. and globally.
Mr. Henderson has 20+ years of experience protecting sensitive and classified information up to the Top Secret SCI Level, with hands-on experience in the development, implementation and management of; IRM Programs, Cyber Security – Information Systems Security Programs, Information Assurance Programs, for U.S. Government Agencies, Department of Defense, Intelligence Community Agencies, Defense Contractors, State Governments, large and small businesses.
Mr. Henderson developed and instructs the highly sought after IRM Program Evaluation & Optimization Training Course, and also provides IRM consulting services to clients.
https://www.insiderthreatdefense.us/wp-content/uploads/2024/05/insider-threat-defense-group-client-listing.pdf
Mr. Henderson developed and taught an Information System Security Program Management Training Course to 100 NSA Information Systems Security Managers.
Additional information on Mr. Henderson’s background can be found on this link.
https://www.insiderthreatdefense.us/wp-content/uploads/2024/05/Insider-Threat-Defense-Group-Overview-Insider-Risk-Management-Program-Training-Consulting-Services.pdf
Jim Henderson, CISSP, CCISO
CEO Insider Threat Defense Group, Inc.
Insider Risk Management Program (IRMP) Training Course Instructor / Consultant
