Managing insider threats in the age of espionage

The recent arrest of Army Private Kira Korolev and her husband Igor Korolev on charges of espionage has brought the issue of insider threats to the forefront of national security concerns – but the issue might be closer to home for business owners.

While the case of the Korolevs, accused of working together to obtain and transmit sensitive information to Russian authorities, highlights the insidious nature of insider threats, Bluerydge founder and director Tom Kazan says they are also more pervasive than most realise.

“Insider threats pose a unique challenge due to their complexity and the subtlety with which they can develop. Once you start working in the industry, your eyes open up to how common it is,” he says.

“It can be hardest to accept or even see the threats from within our own ranks; it feels so personal. Humans are complex, unique creatures, each with their own personal issues, vulnerabilities and internal and external factors manipulating them.”

Tom, who has extensive experience advising on and investigating insider threats within the National Security Community (NSC) and broader Australian industry, says due to their nature many incidents remain unreported.

“We’re talking about people we’ve worked with, maybe hired, maybe trained, perhaps they’ve even become friends. So it can feel like a giant leap to think that behaviour which might seem a little strange or suspicious could be a genuine threat,” he says.

“When the threat is coming from the inside, it feels like there’s a burden to come up with irrefutable and overwhelming evidence before you report anything or investigate, and you have to keep it under wraps until you have that.”

A reluctance to “rock the boat” could lead to under-preparedness, and the consequences for organisations can be dire.

Add to this the fact that insider threats can stem from devilishly simple circumstances, and it’s easier to see how it can happen.

“We once supported a customer through managing an insider threat and it came from a common and very run-of-the-mill scenario: a disgruntled employee who decided to take their grievances to the next level. They hired a foreign criminal group on the dark web and paid them somewhere between $500 and $1000, additionally arming them with detailed internal knowledge,” Tom says.

“This third party then conducted a successful attack, and the impact to the organisation was a significant loss of information and trust. It’s hard to say if they have to this day, recovered.

“Often the most profound damage coming from an insider threat is reputational, but that has a ripple effect on your finances. It’s losing contracts and the ability to secure new opportunities, it’s the impact of the loss of IP (intellectual property) or personal data.

“For government organisations and departments, it’s the loss of the public’s faith or critical information that could impact assets overseas, it could compromise classified or sensitive information that then goes to a foreign actor, and that goes to national security. This is a particularly serious threat at times like these, when geo-politics are so contentious.”

Bluerydge has supported numerous clients in addressing insider threats, from identifying employees colluding with concerning actors to preventing intellectual property theft.

Tom says to vigilantly and proactively manage each risk requires a comprehensive understanding of the multi-faceted nature of insider threats and a holistic approach combining human-centric responses with emerging technologies.

“This involves understanding the various pathways through which employees can be coerced or manipulated, and the early indicators that suggest an individual may be on a trajectory toward becoming a threat,” he says.

“Our strategies are designed to help organisations not only detect and manage but also preempt potential insider threats.”

Often detection requires a coordinated approach between various teams within an organisation, including human resources (HR), information technology (IT), legal and security.

“Your security department might notice anomalies with the use of an employee’s key card, IT might detect something off about system usage, HR might note something odd around absences – none of these things might seem like anything on their own, but together might paint a different picture,” Tom says.

“It’s important to make staff aware that this is a genuine threat because most won’t know. They need to be trained on what to look out for in their various departments, and when to report anomalies. Organisations should also ensure engagement with the Information Security Manual (ISM) for best practice and have specific insider threat policies in place as well as communicate procedures around reporting any concerning behaviour.

“Beyond that, there are technological solutions that, in conjunction with the human element, can build your organisation a powerful layer of protection against insider threats.”

For more information contact Bluerydge.