Enter Details

Comment on stories, receive email newsletters & alerts.

This is your permanent identity for Business Insider Australia
Your email must be valid for account activation
Minimum of 8 standard keyboard characters


Email newsletters but will contain a brief summary of our top stories and news alerts.

Forgotten Password

Enter Details

Back to log in

SLIDE DECK: A counter-terrorism expert explains how to monitor for internal threats to your company

Dynamiq principal consultant Joseph Iannazzo.

In the age of data security, the “internal threat” is increasingly becoming a sharp point of focus for governments and corporations around the world.

While organisations continue to test their security and emergency management plans to reduce external threats, recent global events have highlighted the enormous damage that can be inflicted by agents from within.

Think NSA leaker Edward Snowden, or Germanwings pilot Andreas Lubitz – these are the high profile cases, but there is a huge spectrum of risk for companies and government agencies that needs to be recognised and managed.

Counter-terrorism expert and principal consultant at global emergency management company Dynamiq, Joseph Iannazzo, told Business Insider corporations and employers needed to be aware of potential security incidents arising from within the workplace.

“The threat of a terrorist act is a trending issue currently being discussed by the media and risk managers. However, the likelihood of a malicious insider or disgruntled worker, contractor or customer should be just as concerning,” he says.

Iannazzo says many companies haven’t taken adequate steps to identify the types of threats they’re exposed to.

“Some organisations have general plans in place but they won’t necessarily be able to combat insider threats because they require a different, more targeted approach,” he says.

Having worked with the Australian federal attorney-general’s department on counter-terrorism, Iannazzo now advises businesses and clients on using an intelligence-led approach to ensuring the safety and security of their people, assets and operations.

Late last month he addressed the subject of Managing The Threat From Within at the Australian Security Industry Association Ltd (ASIAL) conference in Melbourne.

Here’s his presentation, which he’s kindly allowed us to reproduce.

An FBI study of active shooters in the US last year revealed business (commerce) premises accounted for almost half (45.6%) of the total locations for 160 separate incidents. The next highest was education (i.e. schools) at 24.4%.

Of 44 incidents in 2014 at premises that were open to pedestrian traffic, 68% of active shooters were not employees of the business in question.

However, out of 23 incidents in 2014 at premises that were closed to pedestrian traffic, more than 95% involved a current or former employee.

Here's how Wikipedia defines an insider threat...

While the US National Counterintelligence and Security Centre defines it as...

And the Australian goverment says an insider threat is...

Iannazzo says that while many people are concerned about a terrorist attack, they should be just as concerned about other significant security incidents occurring internally.

Iannazzo highlights the very recent (June 2015) Charleston church shootings in South Carolina. During a prayer service, nine people were killed by a gunman attempting to incite a race war. A Snapchat video was posted online just moments before the incident took place.

Dylann Roof was indicted on 33 federal hate crime charges. What's most interesting about this particular incident is Roof was invited to the prayer service by the same people he would go on to kill, despite there being a ton of material associated with white supremacy, the Confederate flag and a manifesto of his beliefs on race available on his website and social media profiles.

The September 11, 2001 US terrorist attacks sparked a massive overhaul of the global aviation industry, still impacting today's travellers. Although the attacks were widely recognised as an external terrorist plot, the pilots who purposefully crashed planes into the World Trade Center and Pentagon took flight training lessons in southern Florida.

Germanwings co-pilot, Andreas Lubitz, deliberately crashed his plane after locking the commander out of the cockpit. It was the act of an unstable, disgruntled employee who had learned he was medically unfit to fly and wanted to do something to 'change the system'.

Convicted murderers David Sweat and Richard Matt pulled off a brazen escape from an upstate New York prison with the help of Joyce Mitchell, an industrial training supervisor who worked in the prison's tailor shop. She provided the prisoners with hacksaw blades, chisels, a punch, and a screwdriver.

But Mitchell wasn't alone in assisting the escapees. Veteran corrections officer Gene Palmer (below right) was charged with smuggling illegal contraband. It's alleged Mitchell recruited him to bring hamburger meat, filled with tools later used in the escape, to the prisoner's cell.

Given the rapid pace of technological innovation, it's becoming increasingly difficult to protect employees from threats that are created externally but embedded and shared internally.

Nearly half of all US companies deal with similar cyber attacks each year. Chelsea Manning (below left) stole thousands of secret US intelligence documents and shared them on WikiLeaks. Edward Snowden, a former CIA analyst, (below right) leaked classified information from the U.S. National Security Agency (NSA).

In June 2015, the US Office of Personnel Management became the target of a massive data breach, exposing millions of people's personal records. The attackers were thought to have gained access to the system through social engineering -- a process whereby insiders with credentials are psychologically manipulated to reveal confidential information.

Ex-US Navy sailor Robert Hoffman was jailed for 30 years after trying to 'pass state secrets to Russia'. Hoffman, arrested in 2012, was a 20-year veteran. The FBI targeted him as a potential spy and set him up to see if he would hand over encrypted naval tracking information -- he did.

Internal threats have no boundaries. Former Dow Scientist Wen Chyu Liu was convicted of stealing trade secrets and selling them to companies in China. What's unique about this particular case is Liu paid off a number of other accomplices, some international, to help him carry out his plans.

Insider threats don't always have to be intentional. Republican congressman Pete Hoekstra proved this in 2009 when he Tweeted messages containing potentially revealing information during a visit to Iraq. Hoekstra defended his actions claiming there was no formal rules against what he did.

There are targeted ways you can manage insider threats.

Focusing on people, assets and operations are the most critical objectives.

Establishing a framework to identify potential, future threats is the next step. Iannazzo suggests identifying high-value employees, completing background checks and finding out who would be most susceptible to bribes and intimidation.

Understanding behavioural analysis and the possible ways in which insider threats can be realised is vital. Companies must be anticipating that these types of acts will occur, rather than simply preparing prevention methods.

This is where monitoring people's behaviour is important. There may be a threat building in front of you.

Consider people's life situations...

And watch for these kinds of behaviour...

Monitoring personnel social media can also give you indicators of an emerging threat.

Once you've discovered a threat, understand there's no tailored solution. A collective organised response should be formed, based on information, analysis and evidence.

Follow Business Insider Australia on Facebook, Twitter, and LinkedIn