Insider Threats: Lessons Learnt

Recent cyber attacks also point towards organizations' primary vulnerability. Insider threats are more common than cyber-attacks. Despite the media focus on cybersecurity, it is important to be aware of the insider threat.

The authors share ten lessons on insider threats. Although these lessons come from experience in a different field, one that is continuously exposed to security threats, it is still important to understand their significance and implications.

Below are excerpts from “A Worst Practices Guide to Insider Threats: Lessons from Past Mistakes” by Matthew Bunn and Scott D. Sagan, published by the American Academy of Arts & Sciences.

Even this brief comparative look at insider threats illustrates that such threats come in diverse and complex forms, that the individuals involved can have multiple complex motives, and that common, though understandable, organizational imperfections make insider threats a difficult problem to address adequately. Most nuclear organizations appear to underestimate both the scale of the insider threat and the difficulty of addressing it. Serious insider threats may well be rare in nuclear security, but given the scale of the potential consequences, it is crucial to do everything reasonably practical to address them. The main lesson of all these cases is: do not assume, always assess—and assess (and test) as realistically as possible. Unfortunately, realistic testing of how well insider protections work in practice is very difficult; genuinely realistic tests could compromise safety or put testers at risk, while tests that security personnel and other staff know are taking place do not genuinely test the performance of the system.

LESSONS

Lesson #1: Don’t Assume that Serious Insider Problems are NIMO (Not In My Organization)

Lesson #2: Don’t Assume that Background Checks will Solve the Insider Problem

Lesson #3: Don’t Assume that Red Flags will be Read Properly

Lesson #4: Don’t Assume that Insider Conspiracies are Impossible

Lesson #5: Don’t Rely on Single Protection Measures

Lesson #6: Don’t Assume that Organizational Culture and Employee Disgruntlement Don’t Matter

Lesson #7: Don’t Forget that Insiders May Know about Security Measures and How to Work Around Them

Lesson #8: Don’t Assume that Security Rules are Followed

Lesson #9: Don’t Assume that Only Consciously Malicious Insider Actions Matter

Lesson #10: Don’t Focus Only on Prevention and Miss Opportunities for Mitigation


 

Citation:

A Worst Practices Guide to Insider Threats: Lessons from Past Mistakes

http://www.amacad.org/multimedia/pdfs/publications/researchpapersmonographs/insiderThreats.pdf


Sentiment Analysis in the Context of Insider Threat

https://insights.sei.cmu.edu/insider-threat/2016/12/sentiment-analysis-in-the-context-of-insider-threat.html