Depending on who you ask, the term “insider threat” could mean a few things:
- A hacker
- A spy
- A corporate spy
- Computer network security
- computer something something..
- some rambling story about a coworker
Rarer, but sometimes encountered:
- Unwitting phishing victims
- Victims of elicitation
- Supply chain risks
- Violence in the workplace
Generally I’ve found most explanations on insider threat tend to focus on methods (hacking, “cyber”), or goals (spying for country X) rather than on the actual vector, a human being.
Even in the psychology community, the human aspect gets a little wishy-washy as we tend to divide nation-state spies from workplace violence. We simultaneously lump everyone into one category, and then focus on single populations in order to devise mitigation solutions.
For the purposes of this blog, unless otherwise specified, here’s what I think insider threat means: a human being, with natural placement and access to a group, and acknowledged by the group to have said placement and access, engages in a behavior which is contrary to the group’s stated goals, objectives, agreed upon social exchange rules, or group mandates, with mens rea for the act.
This definition would eliminate the unwitting insider, the victim of elicitation; and appropriately so as they are really just victims of a ruse, and arguably better identified as an organizational or group vulnerability which may be leveraged by an insider or external threat.
This definition could be thought to separate the mentally ill active shooter from the recruited (or self-initiated) spy, but arguments could certainly be made along Axis I (schizophrenia, depression, mania, etc) and Axis II (personality) disorders thought to be present in both groups.