Why Insider Threats Require a Converged Approach to Security
Insider risks are evolving. Threats now encompass a wider range of vulnerabilities, from disgruntled employees to accidental leaks and even nation-state actors infiltrating organizations.
In a high-profile 2022 case, North Korean operatives exploited remote work opportunities to gain employment at U.S. tech companies, enabling them to steal sensitive data and intelligence for the regime.
This case shows how insider risks extend far beyond a single department, requiring a unified approach to security.
According to the 2023 Verizon Data Breach Investigations Report (DBIR), insider threats account for nearly 25% of industry data breaches. Whether intentional or accidental, the result is the same - organizations face significant financial and reputational damage as a result of an incident.
Given the complexity and frequency of these threats, a siloed approach to security is untenable. In today’s environment, security leaders must adopt a converged strategy that brings together physical security, IT, HR, legal, and other critical stakeholders to address insider risks effectively.
This article will explore how breaking down silos between departments can help security practitioners stay ahead of insider threats and build a unified defense against them.
The Evolving Nature of Insider Threats
Traditionally, insider threats were often associated with cybersecurity breaches, such as employees stealing data or introducing malware into corporate systems. However, today’s insider risks are far more complex.
These threats now include everything from unintentional data leaks by employees to disgruntled staff members planning physical harm and even cases of espionage involving nation-state actors.
For example, consider the recent cases of foreign actors gaining employment at multinational companies through hybrid work arrangements only to siphon sensitive data back to adversarial governments.
Meanwhile, accidental threats—such as an employee unintentionally sharing privileged information — remain just as dangerous. The convergence of digital, physical, and human elements in these threats underscores the need for a holistic approach to risk management.
As the threat landscape broadens, it becomes clear that insider threats are not just a cybersecurity problem. They are organizational risks that affect every department and require a united response.
The Problem with Silos: Delayed Responses and Missed Signals
One of the most significant challenges in mitigating insider threats is the siloed nature of many organizations. Too often, physical security teams, IT departments, HR, and legal work in isolation, each focused on their specific domains. This disjointed approach can lead to delayed responses, missed warning signs, and inefficiencies in managing threats.
For instance, a cybersecurity team might detect unusual network behavior. Still, if they fail to communicate with HR or physical security, they may miss the larger context— such as that the employee in question has recently faced disciplinary action or tried unauthorized access to a restricted area.
Without a converged approach, information slips through the cracks, increasing the risk that an insider threat will go unnoticed until it is too late. By nature, insider threats require a multifaceted view, blending physical, digital, and human elements.
When teams fail to collaborate, they fail to detect and prevent a threat before it escalates.
The Case for a Converged Approach to Security
A converged approach to security brings together different departments—such as physical security, cybersecurity, legal, and HR—into a cohesive strategy for identifying and mitigating insider issues.
By sharing information and resources, teams can create a more cohesive “common operating picture,” allowing for better decision-making and faster responses. In a converged model, insider risks are viewed holistically, regardless of where they begin.
Insider risks are complex, multifaceted threats that can strike any organization from the inside or outside. In the face of these evolving threats, a converged strategy that unifies crucial stakeholders to create a more resilient, responsive defense is not just a "nice to have;" it should be a "must have."
Leadership expert Patrick Lencioni said, "Teamwork begins by building trust. And the only way to do that is to overcome our need for invulnerability."
Breaking down silos and encouraging collaboration isn't just about structure; it's about building trust across the organization to tackle insider threats together.