2. 1. Unintentional
• “An unintentional insider threat is a current or
former employee… who, through action or
inaction without malicious intent, unwittingly
causes harm or substantially increases the
probability of future serious harm to the
confidentiality, integrity, or availability of data.”
Definition from the SEI, CERT Division
2. Malicious
• We will focus on malicious threats for the purpose
of this presentation.
Brian Solomon
3. Malicious Insider Threat – A current or former
employee, contractor, or other business partner
who has or had authorized access to an
organization's network, system, or data and
intentionally exceeded or misused that access in a
manner that negatively affected the confidentiality,
integrity, or availability of the organization's
information or information systems.
Definition from the SEI, CERT Division
4. Former employees
Current employees
Visitors
Contractors
Consultants
Suppliers
Who else may have physical or electronic
access?
5. Greed or financial need
A belief that money can fix anything. Excessive
debt or overwhelming expenses.
Anger or revenge
Feelings of being “slighted” by a boss or
coworker. Disgruntled to the point of retaliation
against the company.
Problems at work
A pending layoff, job dissatisfaction, lack of
recognition, disagreements with workers or
managers
6. Compulsive and/or destructive behavior
The need to support a drug/alcohol or other
abusive behaviors.
Relationship, marital, or family
difficulties
Marital conflicts or separation from family or
other loved ones
Ideology/Identification
The desire to help the underdog or an
aggrieved party of a situation.
7. Divided loyalty
Loyalty to another company or person
Ingratiation
Desire to please or win approval from someone
who could benefit from the data with the
expectation of return favors.
8. Takes material home via documents, flash drives,
disks, or email without need or authorization.
Seeks to obtain sensitive information not related to
their work activities.
Interest in confidential matters outside the scope
of their work.
Accesses the computer network remotely while on
vacation or at odd hours without authorization.
Disregards computer policies, installs personal
software or hardware
Overwhelmed by life crises or career
disappointments
9. Noncompliance with IT policies or improper use of
IT systems.
Attempting to access IT systems remotely after
dismissal or at unusual hours.
Illegal, unethical, or other activity that is forbidden
by policy (attempting to hack passwords, accessing
restricted data not related to job…).
Sending business or PHI data to or from private
email accounts.
Emailing unencrypted sensitive data over the
internet.
10. Employees improperly trained and/or infrequently
trained on how to protect PHI.
Employees with access to data that is not needed
for their job.
Unclear policies for working outside the office or at
home.
Employee perception that security for PHI is relaxed
or nonexistent.
Employee perception that unauthorized release of
PHI has minimal consequences or “doesn’t hurt
anybody.”