PERSPECTIVE: A Better Way to Counter Insider Threats


In the Iliad, the Greek armies besiege Troy, but despite their martial might, the Greek warriors cannot defeat the Trojan defenses. Through acts of cunning and deception, however, Greece slips behind the walls of Troy inside a wooden horse. Once inside Troy, victory is assured – the formidable walls of Troy are useless against the attack from within.

Governments and businesses today face many external threats, but perhaps the greatest danger comes from internal threats that have already penetrated behind defensive walls. Guarding against such insider threats is a vital, complex and far-reaching task.

More than 4 million Americans hold security clearances. Millions more have access to government facilities. All these people must be checked and selected to guarantee their reliability. The Defense Counterintelligence and Security Agency alone is responsible for conducting more than 2 million background investigations each year. Finding and effectively mitigating threats within this huge population is truly a Herculean task.

Nor is the challenge limited to the world of governments and spies. Businesses face a barrage of attacks aimed at stealing intellectual property or personal information. Successful attacks can ruin lives and livelihoods, damage corporate reputations, or cost millions of dollars in repairs.

Whether it’s national security, identity theft or intellectual property, the challenge of countering insider threats is too great to take a reactive approach. The current approach to addressing this challenge relies too heavily on outdated data and notions of risk. A more comprehensive and proactive technique is needed that leverages established methods in addition to using modern artificial intelligence-based processes that bring the broader world of publicly available information (PAI) into play in counter-insider threat missions. Such a modernized approach will maximize information, mitigate threats, and stop problems left of boom.

Limits of the traditional approach

The investigative tools currently used to counter insider threats haven’t changed much in decades. Governments and companies receive certain information from their employees which is then used to assess the reliability of individuals. In the overwhelming majority of cases, the process relies on generally accurate but relatively static data from credit bureaus and data aggregators that provide addresses, phone numbers, financial information, and credit, arrest or judicial records. If anything suspicious pops up in these datasets, investigators can dig for more information via old-fashioned sleuthing.

This information can be very valuable, but in today’s computing environment, it is not enough. With the explosion of PAI, investigators must go beyond the traditional approach to gain a full and dynamic understanding of potential threats.

The current approach lacks both quantity and quality of data. From a quantitative perspective, traditional insider threat monitoring techniques use only a fraction of the available data. Although investigators use search engines to “investigate” potential risks, they will only search the surface web, less than 2% of available online data.

The type of data returned in the traditional approach is also incomplete. A person’s dissatisfaction with their employer will not show up in their credit report or arrest history. Someone can easily hide potential risks such as extremist activity or ties to foreign governments without them ever showing up in the data being mined. By casting a wider net that examines the surface web as well as the deep and dark web, investigators will be aware of potential dangers that could easily be missed without this more comprehensive approach.

The right approach

An effective effort to combat insider threats must use all available resources to identify potential risks, particularly by leveraging PAI. However, due to the size and complexity of the data available, modern technologies that harness the capabilities of artificial intelligence and machine learning (AI/ML) are critical to the success of this new approach.

An updated insider threat program would use the rich data from the traditional process as baseline data for further investigation. Through entity resolution (verifying that multiple data points refer to the same real-world thing) and powerful search processes that find potentially material or derogatory information, regardless of language, investigators can develop a complete picture. Critical information can be discovered on social media platforms, news sites, public archives, blogs, chat rooms, dark web markets and illicit forums. Advanced analytics that use topic modeling and link analysis can also help investigators by quickly highlighting the most critical information while filtering out noise.

In addition to expanding the pool of data, this modernized approach offers several other benefits. By using automated and AI-enabled processes, businesses and government can standardize insider threat missions and mitigate human bias. The result is the ability to screen more people more thoroughly in less time. Thorough and effective screening mitigates risk to an organization and also saves money.

It’s all in the “why”

Insider threats are real and ubiquitous. It is the responsibility of leaders to appropriately address the risks posed by people within their organizations. The current approach to countering these threats, however, is outdated and unnecessarily exposes organizations to increasing risks.

Like ancient Troy, the real danger often lurks in our defenses without our knowledge. A new process that fully leverages the capabilities of PAI and AI/ML is needed to effectively combat the dangers of insider threats.

At stake is nothing less than the lives and livelihoods of honest, hard-working people. This is why the risk of not modernizing is simply too great.

The views expressed here are those of the author and are not necessarily endorsed by Homeland Security Today, which welcomes a wide range of views in support of securing our homeland.

