Insider Threat. PHOTO: Cybercrime Magazine.

The Insider Threat: It’s Seriously Human

Evolving work environments bring new challenges to the cybersecurity threat landscape

Chris Hogan, CISSP, GCFA

O’Fallon, MO – Dec. 3, 2021

It’s clear no one is immune to the threats that loom across the digital ecosystem. It’s the reality we face as leaders in the cybersecurity space, and it is our responsibility to be vigilant, proactive and collaborative against our adversaries — even when they happen to come from within our own organizations.

When managing the impact of these internal threats, it is important to blend technology and behavioral intelligence with security standards and controls. But above all else, it requires a deep understanding of your organization — its people, its security approach, and its technology.


When it comes to combating insider threats, people often begin with a technology-powered solution. While things like user activity monitoring (UAM) or data loss prevention (DLP) suites can certainly be an additive, they cannot stand alone. They need to be combined with strong policy and integrated with people and behavior management.

Developing a mature, preventative Insider Threat program begins with recognizing that this is a human threat. Understanding the association between the person and the act itself is critical to identifying a particular event, and also to building a more mature and preventative program. This is often done by analyzing some of the most common threat profiles and motives that are seen with insider threats.


To run a truly effective program, it is critical to understand the common types of threat profiles you may see: accidental, rogue employee, corporate espionage and transitional.

Accidental incidents can happen. In fact, this is among the most common types of insider threats. The risk of accidental incidents has increased as organizations have adapted to the realities of a disparate workforce throughout the pandemic.  These events may seem to be low impact on the surface but they can lead to wider fallout in the long term.

A rogue employee goes against the corporate grain and continually disregards organizational rules, policies or processes. They’re more likely to take risks that will put an organization’s security and reputation in jeopardy.

Depending on your industry, corporate espionage can be a real and present threat. An employee with external allegiances may be willing to do anything for cause, country or profit. If an adversary can just “steal” something rather than incur an operational expense to build it, they’re going to try and do it.

An employee that is transitional moves from company to company accumulating information, IP (Intellectual Property) and competitive secrets along the way. They use this information to make themselves look better. This is bad for everyone involved. Some organizations may lose sensitive data and others may be faced with legal obligations to disclose this breach and appropriately handle the data that has entered into the new company’s networks.


While there are an unlimited number of motives for insider threats, the three most common are: Opportunity, Desperation and Message.

No matter what the organization, there are always going to be people with the opportunity to do harm. As many organizations have shifted to a remote-first environment in response to the pandemic, there is greater opportunity to do harm. People often feel the most comfortable when there is the perception that no one is looking over their shoulder.

Some people are desperate to change a situation they are in. Oftentimes, there are external factors that come into play. Consider the large number of families around the world that have been impacted by COVID-19. All it takes is a job loss, death of a loved one, or an eviction notice to drive someone over the edge.

Finally, there are people in this world that just want their message to be heard; and they’ll do whatever it takes to do just that. Activisim or Hacktivisim can be both an internal and external threat.


Combating insider threats is a team effort. Your Human Resources, Legal and Privacy teams can provide guidance on what regulations should be considered, what is most important to your organization and how you can most effectively manage the global cultural nuances that come with operating in multiple nations.

While there is no magic formula that will solve all of the risks, there are two universal concepts that should be considered. First, implement strong security and use access controls, like the principle of least privilege, reduction of administration access, multifactor authentication. Second, regularly audit your systems to make sure no new vulnerabilities have developed. With the pace of technological evolution, this is critical to finding any gaps in your defenses.

The bottom line is this: your ability to manage insider threats becomes more effective when you can combine the power of technology with shared intelligence about certain behaviors and motives, supported by sound security standards and controls. The more you know about your organization’s personnel, security and technology, the better chance you have at being more proactive against the risks and emerging threats to your company’s bottom line.

Chris Hogan CISSP, GCFA is Vice President, Information Security Engineering at Mastercard

Brought to you by Mastercard

Small businesses are the backbone of economic growth. The needs of small businesses have not changed during the pandemic, but they have grown more acute. With cyberattacks on the rise, small businesses are a huge target. 

Quite often cybersecurity is an afterthought for many small businesses. Many do not have the resources of larger organizations to defend themselves and act once breached. And it’s often difficult to recognize that improving the cybersecurity of one’s business is within one’s control.

Our goal is to change that. This is why we created the Mastercard Trust Center — to help small businesses defend their most important assets — their business and their reputation, through free online access to trusted cybersecurity research, education, resources and tools.

It’s our mission to bring the Mastercard Trust Center to every small business, everywhere, enabling owners to feel more secure and better equipped to thrive against uncertainties.