All organizations are vulnerable to the threat that insiders may use their access to compromise information, disrupt operations, or cause physical harm to employees. To mitigate this threat, organizations are encouraged to establish and maintain a comprehensive insider threat program that protects physical and cyber assets from intentional or unintentional harm.
What is an Insider and Insider Threat?
According to the National Insider Threat Task Force (NITTF) “an insider is any person with authorized access to an organization’s resources to include personnel, facilities, information, equipment, networks, or systems”.
The NITTF defines the insider threat as “the risk an insider will use their authorized access, wittingly or unwittingly, to do harm to their organization. This can include theft of proprietary information and technology; damage to company facilities, systems or equipment; actual or threatened harm to employees; or other actions that would prevent the company from carrying out its normal business practice”.
To get more information on insider threats, please send an email to InTmitigation@hq.dhs.gov
In case of an emergency, or to report suspicious activity or events, call 9-1-1 or contact local law enforcement.
How Organizations Mitigate the Insider Threat
The links below describe how organizations can establish an insider threat program, identify and protect critical assets, recognize and report suspicious behavior, and assess and respond to insider threats.
Building an insider threat program can help organizations detect, deter, and respond to threats resulting from malicious and unintentional insiders.
An insider threat program can protect critical assets from malicious insiders or the unintended consequences from a complacent workforce.
An engaged workforce trained to recognize and report suspicious behavior or activity can help defend against insider threats.
A comprehensive insider threat program can involve collecting and analyzing information, that is continuously changing, and from a variety of data sources.