From data breach to sabotage
The NCSC emphasizes that insider threats aren't always digital. Physical threats, such as sabotage, theft, or unauthorized access to critical areas, are also included. Consider:
- A security guard who provides access to a warehouse for a fee
- An HR employee who passes on sensitive personal data
- A recently hired production employee who lends his access pass to a malicious person.
Supply chain partners can also pose a risk. Employees of suppliers or contracted service providers often have access to systems or buildings. This requires extra vigilance, especially if these organizations have ties to countries known for espionage activities.
The HR Department: Weak Spot or First Line of Defense?
HR plays a key role in identifying and preventing insider threats. Yet HR systems and processes are often vulnerable. Financial difficulties, inappropriate behavior, or sudden behavioral changes in an employee can be signs of increased risk. In practice, however, these signals are often detected too late or not taken seriously enough.
An effective HR policy begins with clear codes of conduct, awareness training, and – where necessary – periodic screenings. Transparency is essential. Screening shouldn't be a secret weapon, but must be a carefully integrated part of the integrity policy, not only before employment but also throughout the entire employment relationship.
In the Port of Rotterdam, we see how organized undermining operates partly through insiders. Without physical access and cooperation from within, criminals are unable to infiltrate supply chains, transfer information, or manipulate access systems. Read more about this approach in our article on undermining in the Port of Rotterdam and how training and collaboration through the Port Security Academy contribute to the resilience of security personnel.
How do you prevent damage from within?
The National Cyber Security Centre (NCSC) uses the Identify, Protect, Detect, Respond & Recover framework for dealing with insider threats. Based on this framework, the NCSC advises organizations on the following points:
- Map your crown jewels
  Which processes, spaces or systems must absolutely not fall into the wrong hands?
- Apply the need-to-know principle
  Limit access to sensitive information and remove 'forgotten rights'.
- Provide detection capacity
  Abnormal behavior – such as unusual access times, strange data flows or USB activity – can also be detected technically.
- Invest in soft controls
  An open culture in which people dare to speak to each other prevents a lot.
- Be alert to 'sensitive moments'
  Reorganisations, conflicts, termination of employment or prolonged absence are moments when additional risks arise.
- Work multi-disciplinary
  Insider threats affect IT, HR, facilities, and security. Let these disciplines work together.
Culture of trust
In physical security practice, we see that identifying issues begins on the work floor. Managers are often the first to notice when someone is withdrawing or working noticeably overtime. It's important that employees know where to go with their concerns, without it feeling like snitching. This willingness to report only develops in a culture of trust, supported by clear procedures.
Furthermore, it's crucial that physical and digital access control are coordinated: a sound IT policy loses its value if anyone can access the server room. Finally, information often becomes fragmented across departments. The answer is sound and effective communication throughout the entire chain.
It gets personal when it's someone you know
One of the most challenging aspects of insider threats is the human element. It often involves people who have built trust. This makes confrontation difficult, especially when emotions like shame, anger, or disbelief are involved. Nevertheless, it's crucial to act quickly. Isolate, investigate, apply the right to a fair hearing, and sometimes even file a report.
Insider threats require an integrated approach
This type of threat requires a comprehensive approach that combines technology, behavior, and organizational culture. The Securitas Risk Approach (SRA) step-by-step plan helps organizations implement this approach in a structured manner. In five clear steps, you'll gain insight into your vulnerabilities and the measures that will enhance security within your organization. Curious how this works in practice? Discover it in our whitepaper or contact us for an exploratory consultation.