MIROR Journal Background
Insider threat is dangerous to organizations and their people, intellectually, physically, and emotionally. For many years, those serving the purpose of protection sought to counter the insider threat by focusing on identifying individual threats among the thousands, tens of thousands, or more employees that did not present a threat. We expended tremendous time and resource to develop tools, models, and algorithms to identify these malicious or unintentional threats (with varying levels of efficacy). Certainly, these efforts have been productive, useful, and protective. Unfortunately, with all the resource leveraged against the problem, we continue to be largely reactive to threat activity that manifests while seeking a more proactive approach.
Recent research into the idea of insider risk has promise to be such a proactive approach. Rather than using a binary classification of “threat” or “no threat,” consideration of risk makes use of the entire spectrum in between “0” and “1.” The insider risk discussion enables a broader, “ecosystem” approach to countering damaging insider activity impacting an organization or its people before that activity is allowed to mature into a threat or a danger. We may finally move beyond a confrontational and punitive threat-based mindset to one of holistic individual and enterprise wellness that makes dangerous threat activity incompatible with existence.
It is likely that even with the most insightful and effective risk management and threat identification that procedures damaging insider actions will still occur. In this event, the ability of the enterprise to care for its personnel and mission is of paramount importance. This organizational resilience must be deliberately cultivated, it will not happen by accident. Fortunately, the very actions organizations take to increase wellness and resilience within its individuals and across the enterprise have been shown to reduce risk and threat behaviors.