An insider threat is defined as a current or former employee, external contractor, vendor/supply chain provider or other business partner, who may accidentally or intentionally misuse a combination of knowledge and access to an organization’s proprietary and sensitive information, business techniques, business technology or other assets. Insiders may operate alone or in concert with others or may be self-motivated or recruited by a third party to exploit their authorized or privileged access. Regardless, an insider becomes a threat when they either deliberately or unintentionally fail to follow security rules. Most federal government agencies and companies that provide contract support to the US defense industrial base must comply with mandates and policies specifically directed at reducing the threat from insiders. State and local governments and agencies are also beginning to adopt mitigation strategies to minimize risk from insider mistakes or nefarious activities. Lastly, most industries in the US private sector have experienced breaches or compromises at the hands of insiders and are adopting insider threat programs as part of their overall risk management strategies.
The Frontier Security Strategies Team incorporates counterintelligence (CI) principles, along with strong physical security, personnel security and information technology (IT) security awareness so that an organization can more quickly identify and mitigate insider threats. We provide the full-spectrum of consulting support from insider threat risk assessment methodology to designing and implementing insider mitigation policy and protocol from the ground up. For organizations with existing insider programs, we offer value-added capabilities like analysis of open-source threats, social media analysis and web-based awareness training on all information security (InfoSec) topics, Insider Threat and Workplace Violence.
- Predictive Threat Detection
- Reduced Breach Impact
- Comprehensive Threat Response & Investigation
- Quantified, non-subjective threat & risk reporting