Organizations are exposed to various threats and data breaches in today’s digital age. These include cyberattacks, reputational damage, property damage, and data loss. Broadly, these threats can be categorized into insider and outsider threats. Outside threats originate from external sources—such as cyberattacks and phishing emails. In contrast, insider threats, as the name suggests, come from within the organization, including employees, contractors, or other trusted individuals. Globally, insider threats are considered one of organizations’ most significant challenges. However, managers often overlook them due to the common misconception that employees or trusted staff cannot harm the organization. Data, however, tells a different story.
In 2018, two billion of the five billion compromised records were the result of insider threats. According to the Crowd Research Insider Threat Report (2018), 50 percent of companies reported experiencing an insider threat within the past 12 months.
Who Can Be Classified as an Insider?
To better understand this issue, it’s important to understand what an “insider” is. An insider is typically someone who has or previously had authorized access to an organization’s internal data, information, or facilities. Such individuals can pose serious risks, either unintentionally or intentionally. For instance, in 2015, Anthem (a health insurance company) suffered a major breach of Personally Identifiable Information (PII) due to a phishing email that several employees accidentally opened, exposing 78.8 million records.
Insiders can be categorized into two main types: the unwitting insider, who causes harm unintentionally, and the insider adversary, who acts with intent and motivation. The insider adversary may be further classified into passive insiders (who help others with critical information), active non-violent insiders (who may commit fraud or espionage), and active violent insiders (who cause physical harm). The motivations behind such threats vary, ranging from personal grievances and financial incentives to ideological beliefs or coercion. Some insiders may even be recruited by adversaries to exploit their positions. Insider threats can lead to the destruction of assets, fraud, espionage, theft of intellectual property, and loss of sensitive personal or organizational data, ultimately compromising national security.
Why Are Public Organizations Particularly Vulnerable to Insider Threats?
Public organizations are becoming particularly vulnerable to insider threats, which account for more than 30% of data breaches in this sector. Public organizations handle sensitive and confidential data, making insider threats particularly dangerous. Nowadays, public organizations rely more on digital technology, making them vulnerable to cyber risks. Moreover, government organizations often use outdated IT systems and software, which makes them an easy target for cybercriminals.
Furthermore, government entities are often interconnected, so a breach in one can have cascading effects across multiple departments. The public sector has become a battleground in cyberwarfare and state-sponsored hacking. However, it often faces budget limitations and bureaucratic red tape, which limit its ability to implement a full range of protective measures.
According to the IBM Cost of a Data Breach Report 2024, the average cost of a cybersecurity incident in the public sector is around 2.60 million dollars. This includes costs related to system repairs, ransom payments, and legal fees. The public sector is targeted for both financial and political reasons. Data breaches in the public sector spread fear and unrest, making these organizations high-value targets for enemies and attackers.
Recent Cases of Insider Threats
Insider threats are a global phenomenon. The following are some recent cases worldwide that shed light on how damaging internal breaches can be. In Pakistan, one of the most alarming examples is the data breach at the National Database and Registration Authority (NADRA), where the personal information of 2.7 million citizens was compromised between 2019 and 2023. Shockingly, this data reportedly surfaced as far away as Argentina and Romania, exposing serious lapses in internal controls and data protection mechanisms. Despite several officials being dismissed, Pakistan still lacks a comprehensive data protection law, leaving public institutions vulnerable to similar incidents.
Meanwhile, the Federal Investigation Agency (FIA) has also faced internal threats, with 51 employees dismissed over the last 3 years for alleged collusion with human traffickers—6 in 2022, 4 in 2023, and a staggering 41 in 2024. These figures point to systemic weaknesses in recruitment, oversight, and accountability.
Internationally, even highly secure institutions have experienced insider-related threats. In the United States, the Pentagon recently admitted that the personal and financial data of 30,000 military and civilian personnel had been compromised due to a breach involving a third-party travel service provider. Another well-known example is the 2013 case of a former NSA contractor, Edward Snowden, who leaked classified information about the United States’ global surveillance programs. Snowden revealed this information after ignoring his internal concerns, demonstrating how a single insider can inflict widespread damage.
Strategies to Mitigate the Risk of an Insider Attack
To address such threats, an effective insider risk protection program should be implemented to prevent malicious insiders from carrying out activities that can harm the organization. Oliver Wyman has developed a comprehensive insider risk program framework with five key characteristics:
1. Well-articulated policies and programs for risk management.
2. Effective information sharing and monitoring.
3. Program management and prevention strategies.
4. Leverage technological solutions to consistently monitor suspicious behavior.
5. Implement lessons from the past to continuously improve the system.
Public sector employees should also go through mandatory training programs to be sensitized to new methods of cyber and phishing attacks. Multi-level checks should be implemented to minimize opportunities by limiting insiders’ access, authority, and knowledge. Comprehensive scrutiny of individuals should be done before employment, including identity verification, background check, financial assessment, history, and ideological check. During employment, periodic assessments of trustworthiness should be conducted. Departments should be compartmentalized so that a single person does not have excessive access and knowledge.
Positive reinforcement can also make a difference. Good performance and behavior should be rewarded to keep employees satisfied. Protective measures should also be taken to detect, delay, and respond to malicious acts. These include personal tracking, surveillance, and monitoring of all endpoint devices. Tailored training should be provided based on past experiences and potential threats to that specific organization.
In conclusion, when working in the public sector, where dealing with sensitive citizen information is a regular task, it is essential to have well-trained employees who follow security best practices. The training programs should cover topics such as identifying phishing attempts, secure handling of private and confidential data, and adherence to internal security policies. Regular awareness sessions can help to establish a security culture where employees are the first line of defense against threats, not threats themselves.
The views and opinions expressed in this article/paper are the author’s own and do not necessarily reflect the editorial position of Paradigm Shift.
The writer is a junior-year student currently pursuing a bachelor’s in Public Administration from National University of Sciences and Technology. She writes on issues related to social policies, geopolitics, and public policy.

