June 2014

Insider Threat Defense

is excited to announce that the following U.S. Government Agencies have had individuals attend the the

Insider Threat Program Training Course;

Social Security Administration,


Office Of Personnel Management - Federal Investigative Services.



July 7, 2014

Insider Threat Defense And Tanager Announce Strategic Partnership For Insider Threat Program Risk Mitigation Services.
Press Release Here



July 19, 2014

Insider Threat Defense And Covenant Security Solutions Announce Strategic Partnership For

Insider Threat Program Training Courses.
Press Release Here


August 2014

Insider Threat Defense Provides Insider Threat Program Training Course To Marine Corps Intelligence Activity.


October 2014

Insider Threat Defense Provides Insider Threat Program Training Course To White House National Security Council CISO, National Nuclear Security Administration.















































































































joomla counter




What Is An Insider? What Is The Insider Threat?
A broad definition of the Insider and Insider Threat follows.

An Insider could be someone who has authorized access to an organization facilities,  data, information systems and networks. (Employee, Trusted Business Partner, Contractor or Maintenance Personnel)

Insider Threat Actions could intentionally or unintentionally compromise an organizations security, affect the confidentiality, integrity and availability of an organizations data, information systems and networks and degrade an organizations ability to accomplish its mission or business function.

Insider Threat Damages can include, but are not limited to, espionage, criminal enterprise, unauthorized disclosure of information (Sensitive Information, Intellectual Property, Trade Secrets), Information Technology Sabotage, violation of federal or state laws, or any other activity resulting in the loss or degradation of an organization resources or capabilities.

Department of Defense (DoD) Definition Of Insider Threat
Anyone who has authorized access to DoD resources by virtue of employment, volunteer activities, or contractual relationship with DoD.

Insider Threat: A person with authorized access, who uses that access, wittingly or unwittingly, to harm national security interests or national security through unauthorized disclosure, data modification, espionage, terrorism, or kinetic actions resulting in loss or degradation of resources or capabilities.


Insider Threats To The U.S. Government, DoD, IC
The Insider Threat is a very real and serious problem. Damages by Insiders to U.S. National Security have been severe (WikiLeaks, NSA Classified Data Breach And Many Other Espionage Cases). See: Insider Threat Timeline

Insider Threats To Businesses And Critical Infrastructure Providers
The Insider Threat is not just a U.S. Government problem. There have been countless reports of the Insider Threat problem in the private sector and the severe damages that have been caused. This should be of great concern because the private sector owns and operates approximately 85 percent of the nation’s critical infrastructure (DHS). Making matters worse is that the private sector does not have an Insider Threat Mandate similar to the U.S. Government (Executive Order 13587). Without such a mandate, U.S. companies are unprepared to tackle the continued risks posed by the Insider Threat. Even the new NIST Cyber Security Framework released in February 2014 is not mandatory for Critical Infrastructure Providers. So developing and implementing and managing an Insider Threat Program is an option, not a requirement. But it was a serious enough problem in 2008 for the National Infrastructure Advisory Council to write a report titled “The Insider Threat To Critical Infrastructures”. The bottom line that all organizations (U.S. Government, Businesses, Critical Infrastructure Providers) must realize, is that the threat from the Insider is still a serious one, and that damages caused by the Insider can be just as bad as the damages caused by the Outsider. Malicious Insiders and Malicious Outsiders are many times both after the same thing, an organizations data.

Insider Threat Damages

The damages from an Insider committing theft of an organizations sensitive information, intellectual property, trade secrets or fraud can be severe.


The 2014 U.S. State Of Cyber Crime Survey stated: The incidents that typically fly under the media radar are insider events. We found that 28% of respondents pointed the finger at insiders, which includes trusted parties such as current and former employees, service providers, and contractors. Almost one-third (32%) say insider crimes are more costly or damaging than incidents perpetrated by outsiders. The larger the business, the more likely it is to consider insiders a threat; larger businesses also are more likely to recognize that insider incidents can be more costly and damaging. Despite this, however, only 49% of all respondents have a plan for responding to insider threats.

A 2014 Occupational Fraud and Abuse Report by the Association Of Certified Fraud Examiners (ACFE) stated; Companies lose 5 percent of revenue each year to fraud, which amounts to nearly $3.7 trillion globally. The report pegged the median loss from fraud at $145,000. More than 1 in 5 of the almost 1,500 cases analyzed in more than 100 countries had employees walking away with at least $1 million.  

The damages caused to businesses by Insiders Threats each year are not only substantial, but also on the rise. According to a recent RSA presentation that cited open-source, data-breach reports, and data-loss surveys gathered over a recent ten-year period, “The average cost per incident is $412,000, and the average loss per industry is $15 million over ten years. In several instances, damages reached more than $1 billion.”

Insider Threats Made Easy
Why are organizations so vulnerable to the Insider Threat? 1) Insiders have already obtained a badge to access significant portions of an organization’s facilities, and a login and password to access significant amounts of an organizations data. Insiders also know what data in an organization has the most value. 2)Insiders attempting to commit a malicious action against the government or businesses will in most cases exploit an organizations weakest links that give them the greatest chance of success, without being caught. 3)Insiders in most cases know what is checked and not checked, and know when they won't be checked or challenged. Malicious Insiders are basically using the same methodology to get at the organizations data as the Malicious Outsider. The Outsider looks for a weak link or hole in the network perimeter (Many Times An Insider) and breaches the organizations network and exflitrates the data.

Current and past reports show that the continued Insider Threat problem stems from;
1)Lack of security control implementation. 2) Weak or absence security awareness training and education. 3) A security culture where security polices are non-existence or not enforced. 4) Organizations that are just using technology to detect Malicious Insiders. Reports have shown that just trying to use technology to detect and mitigate Insider Threats, will provide the organization with a false sense of security. The best Data Loss Prevention Tool, Intrusion Detection System and Firewall may be useless in protecting an enterprise from the Insider Threat, as they are only part of the defense-in-depth security strategies required to mitigate the Insider Threat.

Per a
2013 Intelligence And National Security Alliance Report; Many private sector Insider Threat Programs are technology-focused, centered on tools that monitor network traffic and online activity, only monitoring specific people that exhibit suspicious online behavior. The Insider is a person. Therefore, organizations must identify psychosocial events and actions—anomalous, suspicious, or concerning nontechnical behaviors. A robust Insider Threat Program integrates and analyzes technical and nontechnical indicators to provide a holistic view of an organization’s Insider Threat risk from individuals identified as potential threats.

Whether an organization has just 10 employees or 100,000, the Insider Threat is always a security risk. Information is valuable and that’s what malicious Insiders are after, whether it is classified information, sensitive information, intellectual property or trade secrets.


Combating The Insider Threat Risk Using An Enterprise Approach
For an organization to combat (Detect, Mitigate, Prevent) the Insider Threat, it needs to establish a comprehensive and integrated Insider Threat Program that is comprised of individuals from various departments, business units and supporting functions. Because each organization is unique, the structure of the Insider Threat Program may be different. The end result for any Insider Threat Program is the identification of suspicious or malicious activities and behavioral indicators by the Insider, as these are crucial in limiting or neutralizing the potential damage that may be caused by an Insider.

Whether you’re a U.S. Government Agency or private sector organization, Insider Threat Defense can help.

  • We can train your employees responsible for protecting your assets from the Insider Threat. We will provide your employees with the knowledge and resources to develop, implement, manage or support an Insider Threat Program for your organization.

  • We will assist your organization with developing, implementing or managing your Insider Threat Program.

  • We will conduct Insider Threat Risk Assessments of your organization.

Click Here For Information On:
Insider Threat Program Training Course


Insider Threat Defense Past Performance
Insider Threat Defense is proud to mention that we have proven past performance in training security professionals in the areas of Cyber Security and Insider Threats.

Click Here For Information On:
Client Listing-Services Provided

To All The Men And Women Of The Armed Forces

Thank You For All Your Efforts And Sacrifices


Is Not Affiliated With Or Endorsed By The U.S. Federal Government,

The Department of Defense  Or Any Intelligence Community Agency.


This message applies to this website and all linked pages. Unauthorized attempts to deny service, upload information, change information, delete information, or any attempts to access a non-public portion of this website, are strictly prohibited. Use of this website, authorized or unauthorized, constitutes consent to the monitoring and auditing for security purposes. Unauthorized use may result in criminal prosecution. Evidence of unauthorized use collected during monitoring may be used for administrative, criminal, or other adverse action.


            Copyright © 2014- INSIDER THREAT DEFENSE - All Rights Reserved - Legal Notice