Why High-Security Organizations May be at Risk for Insider Threats
In an article from The Stanford News a quote recently caught my attention: “For companies, an insider threat from an employee can be an economic disaster. For a government unit, an insider threat can quickly become a dangerous national security issue.”
We often forget that insider threats have the ability to negatively effect the world outside of our companies especially if we work in high-security organizations like the U.S. military, intelligence agencies and nuclear laboratories. Scott Sagan, a professor at Stanford and co-editor of a new book, Insider Threats, calls insider threats in these organizations “low probability, high-consequence events” and while national security organizations are focused on external threats, they must not ignore the “very real insider threats we face as well.”
According to Sagan, these are the most common mistakes national security agencies make when dealing with insider threats:
Assume Background Checks Solve the Problem
Background checks are not always 100 percent reliable and, because people change over time, background checks do not necessarily give you the most accurate picture of a person’s character. “They are like snapshots, not portraits, of members of national security organizations,” says Sagan. Background checks are just one tool to use when hiring and, as I always recommend, it is always a good idea to run a background check every few years of employment.
Too Many People with Security Clearances
According to the Office of Management and Budget, 1.5 percent of the U.S. population has a security clearance. While it seems best practice to classify more information in the name of security, this could actually backfire. “When more individuals need more security clearances, less reliable security vetting procedures are often implemented and more bad apples can fall through the cracks.”
Ignoring Red Flags
Because the vast majority of folks in high-security organizations are “loyal and responsible individuals”, organizations tend to “reinterpret strong evidence” if it doesn’t fit their assumptions. This includes presuming online searches or discussions are always being conducted in the best interest of the organization, even if the topics being searched or discussed seem unethical or out of character.
High-security agencies are not immune to insider threats and need to make sure they have the tools and strategies in place to not only keep their organization safe, but to keep our nation—and even our world—safe as well.
Please leave a comment or like this article, we love them!
Security First & Associates
www.securityfirstassociates.com