A company can often detect or control when an outsider (non-employee) tries to access company data either physically or electronically and can mitigate the threat of an outsider stealing company property. However, the thief who is harder to detect and who could cause the most damage is the insider—the employee with legitimate access. That insider may steal solely for personal gain, or that insider may be a “spy”—someone who is stealing company information or products in order to benefit another organization or country.
Insider threats—including sabotage, theft, espionage, fraud, and competitive advantage—are often carried out by abusing access rights, stealing materials, and mishandling physical devices. Insiders do not always act alone and may not be aware they are aiding a threat actor. It is vital that organizations understand normal employee baseline behaviors and also ensure that employees understand how they may be used as a conduit for others to obtain information.
For more information:
- The Insider Threat: An Introduction to Detecting and Deterring an Insider Spy (FBI)
This brochure serves as an introduction for managers and security personnel on how to detect an insider threat and provides tips on how to safeguard your company’s trade secrets.
- Economic Espionage: How to Spot a Possible Insider Threat (FBI, May 2012)
This article talks about the threat of corporate insiders stealing secrets, focusing on foreign economic espionage. It includes cases examples and potential warning signs.
- Combating the Insider Threat (DHS National Cybersecurity and Communications Integration Center, May 2014)
This document includes characteristics of insiders at risk of becoming a threat, behavioral indicators of malicious threat activity, behavioral prediction theories, countermeasures and deterrence methods, and training suggestions.
- National Counterintelligence and Security Center Insider Threat Webpage
This webpage contains link to relevant documents and websites.