First, what is an insider threat? According to the Transportation Security Administration’s (TSA) 2018 Report of the Aviation Security Advisory Committee on Insider Threats at Airports, “The term insider threat refers to individuals with privileged access to sensitive areas and/or information, who intentionally or unwittingly misuse or allow others to misuse this access to exploit vulnerabilities in an effort to compromise security, facilitate criminal activity, terrorism, or other illicit actions which inflict harm to people, an organization, the air transportation system or national security.”
With that definition in mind, let’s examine the components of insider threat and how you can protect your operation from them.
A good way to understand insider threat is to picture it as an onion with several layers. The outermost layer is made up of insiders who have planned their actions beforehand: the employee who downloads intellectual property with the intent to sell or give it to a competitor company, the employee who steals money or collaborates with an outside party to steal items of monetary worth, or an employee who is a secret member of a terrorist group and is working there to obtain inside security information that can be used for violent acts.
The second layer is the employee who impulsively turns into a threat. For example, an employee is fired and decides to take revenge on their now former employer by damaging property or installing a computer virus into their network. A disgruntled employee brings a weapon and turns the business into a scene of workplace violence.
Going a little deeper, the third layer is a little less obvious. This consists of employees or contractors who disregard or ignore a company’s security policy. Such persons may include:
Below that is the fourth layer. This includes employees who don’t realize their innocent acts pose a risk to their company. For example, an employee takes a selfie inside their office and posts it on social media. Not a big deal, right? However, say that selfie shows an open financial report sitting on the desk or the employee’s identification badge – now that’s a security breach! Another example includes having confidential conversations in public areas like restaurants or taxis. It’s never safe to assume the people around you aren’t eavesdropping on your conversations, so keep confidential conversations for when you’re in a safe space.
Employees, contractors and others with inside knowledge can be duped by the actions of others outside the company, and this is our fifth layer. These employees may be the victims of elicitation. The FBI defines elicitation as “a conversation with a specific purpose: collect information that is not readily available and do so without raising suspicion that specific facts are being sought.” This could take place in an online chat, email, phone call or even in a person-to-person conversation where an employee innocently reveals sensitive information without ever knowing it.
Aviation Security International states at-risk employees can become insider threats and this is our sixth or innermost layer. These individuals suffer from addiction, mental illness or depression, and are vulnerable to efforts made by outside parties or to their own inner demons. They have no intent to cause harm, but they do.
Consider the following real examples of insider threats within aviation:
Businesses have several tools available to them that can mitigate their risk of becoming victims. These include the following:
Insider threat cannot be completely eradicated, but companies that do everything possible to protect themselves are less likely to become victims.