Insider Threat Management: Tackling Your Organization’s Most Critical Risk Vulnerability
While employees are the strongest defense a company has against insider threats, they can also be the biggest risk. Having employees with authorized access to sensitive information, technology, and people poses an inherent threat to organizations, especially with today’s remote workforce. Even with the right technology deployed, insiders are the most critical link in the security chain. How can security teams establish a holistic insider risk management program while developing and integrating threat management triggers and thresholds?
Vice President of Intelligence at Torchstone Global, Scott Stewart, moderated a panel at the 2022 Ontic Summit addressing these concerns and how organizations can best mitigate insider threats. Stewart was joined by JT Mendoza, President & CEO of Citadel Risk Group, Chris Delia, Senior Director of Security at the Anti-Defamation League, and John Wyman, Senior Security Manager at Smithfield. Below you’ll find three main takeaways from their discussion:
Taking a Risk Management Approach
It’s a common misconception that all insider threats stem from malicious intent. In fact, a majority are accidental or unintentional and result from negligence, which puts companies at an even higher risk.
“Every employee introduces risk, so it’s critical to take a risk management approach to insider threats,” Wyman stated. Wyman then elaborated on the growing need for training leaders to have genuine discussions about mitigating these risks and how the insider threat awareness program should be a melting pot of stakeholders.
Internal Training and Feedback Programs
Since insider threats are within the organization, it’s important to leverage your employee base and engage across teams when establishing an insider threat mitigation process. One example of this is conducting exit surveys and implementing a strategy around identifying potential insider threats, such as noting when employees repeatedly complain about the same person or acknowledging any anomalies in employee behavior (e.g., an employee who was formerly very helpful and mentored others becoming disengaged and reserved).
“Pay attention to employees that are actively disengaged or providing persistent harm. There could be an infiltration going on. Whether at the activation level or the espionage level, you need to know how to navigate between the vectors,” he urged.
Collaboration Across Cyber and Physical Security Teams
Another critical aspect of insider threat programs that the panel unanimously agreed upon was the convergence of cyber and physical security teams. While insider threats are often thought about more in the cyber realm than the physical, the panel urged the audience to see them as a reason for cyber and physical teams to converge further in the future.
“When establishing an insider threat management program, relationships are critical,” Mendoza stated. “There can be no divides, and there must be trust. Trust is hard to gain but easy to lose.” All the panelists agreed and noted the importance of relationship fundamentals when breaking down the silos between cyber and physical teams to enable a more holistic view of your organization’s insider threats.
Together, cyber and physical teams should exercise discipline to sustain tight controls on sensitive information and access. Integrating the two departments will foster collaboration within investigations and give organizations a holistic strategy and single view of their entire threat landscape.