The enemy within: When trusted access turns into insider threat


Not all fraud originates from the dark underground of criminal enterprises. In fact, fraud could literally be right under our noses, or in the cubicle next to us.

The “Insider Threat” has many names – internal fraud, occupational fraud, even espionage – and uses authorized internal access and knowledge to carry out an illicit act.  While most offenders try to evade detection, insiders have an advantage where they can be privy to detection methods.  With this level of in-depth knowledge of an organization, the insider threat poses a different kind of threat than typical cyber adversaries, who rely on formalized methodologies to access, explore, and exploit a network environment.

When organizations vet prospective employees, contractors or partners to establish trustworthiness, the vast majority are genuinely honorable.  Outside of television shows such as “24” and “Homeland”, individuals rarely join an organization with the sole purpose of infiltrating a target.  You might wonder, if this is true, how can a person with trusted access suddenly “go rogue”?  Insider threats often evolve over time in response to personal challenges.  For example, financial hardships or monetary gain can motivate someone to exploit their access within their employer.  Non-obvious stressors such as personal relationships, workplace issues or ideological beliefs can also trigger an individual to misuse their trust.  The bottom line is that people change over time – their personal situations, beliefs or allegiances – resulting in risk to an organization’s critical or sensitive information.

The Federal Government has been exploring the concepts of continuous monitoring and continuous evaluation as a means to reduce incidents such as the Washington Navy Yard shooting and the Wikileaks scandal involving Army Private Manning.  For mature organizations who have had a focus on the insider threat for decades, these new concepts employ ongoing techniques to evaluate trustworthiness beyond the historically ad-hoc or periodic reviews.  A cornerstone of this approach is automated analytics.  Without automating processes and applying advanced analytics, organizations are at risk of falling behind amid massive amounts of information and overlooking a key indicator which might seem benign to the individual investigator.

Not all employees have access to highly sensitive data, so the need for such oversight is limited to those individuals who have access to an organization’s sensitive information.  Anyone dealing with personally identifiable information, such as information in tax records or social services, can put an agency at risk.  Luckily, organizations can begin to take steps to proactively safeguard their information and reputation today.

Like in cyber security, a first step toward reducing the insider threat risk is to understand where the sensitive data resides within an organization.  Further, agencies must then identify all individuals, employees, contractors, and third parties who have access to this information.  Defining the data and its access points are a critical first step in safeguarding these assets.  Next, an organization can employ a risk or fraud prevention program.  Like in other types of fraud, deterrence can reduce the possibility of a successful insider attack.   Agencies with strong prevention programs that are communicated throughout the entire organization can reduce their risk significantly.  However, the determined individual can easily evade such programs (such as FBI Agent Robert Hanssen), which is why organizations should complement their efforts with analytical detection methods to ensure a holistic, effective program.    When we consider the aftermath of Edward Snowden’s leaked national security data, whether you consider him a hero or traitor, risk prevention is far more appealing than the uncertainty of the adverse effect of one individual.  In Snowden’s case, we still haven’t even fully realized the impact of his actions.


About Author

Jen Dunham

Principal Solutions Architect

As a Solution Specialist within the Security Intelligence Global Practice, Jen is focused on providing subject matter expertise and assistance to Government teams addressing various security risks such as Cyber Security, Insider Threat, Targeting/Lead Generation, and other Intelligence-specific applications of the SAS Security Intelligence Foundation. Having served as an all-source intelligence analyst in the United States Army, and having since worked closely with numerous law enforcement, defense, and intelligence organizations around the world, Jen has a unique and comprehensive view within these areas and how their tradecraft and missions vary. Jen has worked in mission areas to include; counterterrorism, counterespionage, counternarcotic, peacekeeping missions, priority intelligence requirements, and the Balkans (Bosnia-Herzegovina). Over the last 22 years, Jen has held a security clearance with numerous agencies supporting organizations such as FBI, DEA, NSA, CIA, NCTC, State Department, Department of Energy, and also State and Local Law Enforcement. Jen also has in-depth knowledge (through previous employment) of technology and information companies such as i2, Dun & Bradstreet, Choicepoint and Thompson Reuters.

Leave A Reply

Back to Top